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Description 

Field of the Invention 

[0001] The present invention relates to an apparatus 5 
for displaying, storing, copying, editing or transmitting 
digital data in using data, and intends to protect digital 
data copyrights. 

Background of the Invention 

[0002] In information-oriented society of today, a da- 
tabase system has been spread in which various data 
values having independently been stored in each com- 
puter so far are mutually used by connecting computers 
by communication lines. 

[0003] The information having been handled by the 
database system is classical type coded information 
which can be processed by a computer and has a small 
amount of information or monochrome binary data like 
facsimile data at most. Therefore, the database system 
has not been able to handle data with an extremely large 
amount of information such as a natural picture and a 
motion picture. 

[0004] However, while the digital processing tech- 
nique for various electric signals develops, development 
of the digital processing art for a picture signal other than 
binary data having been handled only as an analog sig- 
nal is progressed. 

[0005] By digitizing the above picture signal, a picture 
signal such as a television signal can be handled by a 
computer. Therefore, a "multimedia system" for han- 
dling various data handled by a computer and picture 
data obtained by digitizing a picture signal at the same 
time is noticed as a future technique. 
[0006] Because picture data includes an overwhelm- 
ingly large amount of information compared to character 
data and audio data, it is difficult to directly store or trans- 
mit the picture data or apply various processings to the 
picture data by a computer. 

[0007] Therefore, it has been considered to compress 
or expand the picture data and several standards for 
compressing or expanding picture data have been pre- 
pared. Among those standards, the following standards 
have been prepared so far as common standards: JPEG 
(Joint Photographic image coding Experts Group) 
standard for a still picture, H.261 standard for a video 
conference, MPEG1 (Moving Picture image coding Ex- 
perts Group 1) standard for storing pictures, and 
MPEG2 corresponding to the present telecast and the 
high-definition telecast 

[0008] Real-time processing of digital picture data has 
been realized by these techniques. 
[0009] Because hitherto widely-spread analog data is 
deteriorated in quality whenever storing, copying, edit- 
ing, or transmitting it, copyrights produced due to the 
above operation has not been a large problem. Howev- 
er, because digital data is not deteriorated in quality after 



repeatedly storing, copying, editing, or transmitting it, 
the control of copyrights produced due to the above op- 
eration is a large problem. 

[001 0] Because there is not hitherto any exact method 
for dealing with a copyright for digital data, the copyright 
is handled by the Copyright Act or relevant contracts. 
Even in the Copyright Act, compensation money for a 
digital-type sound- or picture-recorder is only systema- 
tized. 

[0011] Use of a database includes not only referring 
to the contents of the database but also normally effec- 
tively using the database by storing, copying, or editing 
obtained data. Moreover, it is possible to transmit edited 
data to another person via on-line by a communication 
line or a proper recording medium. 
[0012] Furthermore, it is possible to transmit the edit- 
ed data to the database to enter it as new data. 
[0013] In an existing database system, only character 
data is handled. In a multimedia system, however, audio 
data and picture data which are originally analog data 
are digitized and formed into a database in addition to 
the data such as characters which have been formed 
into a database so far. 

[0014] Under the above situation, how to deal with a 
copyright of data formed into a database is a large prob- 
lem. However, there has not been adequate copyright 
management means for solving the problem so far, par- 
ticularly copyright management means completed for 
secondary utilization of the data such as copying, edit- 
ing, or transmitting of the data. 
[0015] Although data of "Software with advertise- 
ment" or free software" is, generally, available free of 
fee, it is copyrighted and its use may be restricted by the 
copyright depending on the way of use. 
[001 6] Document EP 0 430 734 A1 discloses a meth- 
od and apparatus to protect application program soft- 
ware executed on a main PC. This is achieved by con- 
necting an additional unit to the main PC which operates 
upon insertion of a PC card distributed together with a 
application software to be executed. The PC card com- 
prises a microprocessor, a local bus, a ROM, a RAM 
and an EEPROM. The application program software 
can only be completely executed on the main PC if it 
transmits coded data to the PC card which then get de- 
coded by a decryption program implemented on the PC 
card and transmitted back to the main PC. Hence, the 
protection mechanism is established. 
[0017] The inventor of the present invention etal. pro- 
posed a system for managing a copyright by obtaining 
a permit key from a key control center via a public tele- 
phone line through Japanese Patent Laid-Open No. 
46419/1994 and Japanese [latent Lard-Open No. 
1 41 004/1 994 and moreover, proposed an apparatus for 
managing the copyright through Japanese Patent Laid- 
Open No. 132916/1994. 

[001 8] Furthermore, they proposed a system for man- 
aging a copyright of digital data through Japanese Pat- 
ent Application No. 64889/1994, which corresponds to 
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EP^A-0 677 949, which is an Article 54 (3) EPC docu- 
ment, and Japanese Patent Application No. 
237673/1994, which corresponds to EP-A-0 704 785, 
which is an Article 54(3) EPC document. 
[0019] In these systems and apparatus, one who 
wants to view and listen encrypted programs requests 
to a control center for viewing by using communication 
device via a communications line, and lie control center 
sends a permit key to the requester, performs charging 
and collects a fee. 

[0020] After receiving the permit key, the requester 
sends the permit key to a receiver by using an on-line 
or offline means, the receiver then decrypts the encrypt- 
ed programs using the permit key. 
[0021] Moreover, the system disclosed in Japanese 
Patent Application No. 64889/1994 uses a program and 
copyright information for managing the copyright in ad- 
dition to the permit key so that the copyright in display 
(including process to sound), storage, copying, editing, 
or transmitting of the digital data in a database system 
including real-time transmission of a digital picture can 
be managed. The program for managing fie copyright 
watches and manages to prevent users from using other 
than the conditions of user's request or permission. 
[0022] The Japanese Patent Application No. 
64889/1 994 further discloses that data is supplied with 
encrypted from a database, decrypted by copyright 
management program when displayed or edited, and 
encrypted again when it is stored, copied or transmitted. 
Also the copyri ght management program itself being 
encrypted; decrypted by a permit key; the copyright 
management program thus decrypted performing en- 
cryption and decryption of copyright data; and when da- 
ta is utilized other than storage and displaying, copyright 
information including information of the Person who has 
utilized, being stored as history in addition to original 
copyright information, are disclosed. 
[0023] Though the present invention is described be- 
low, general description is made for cryptography at first. 
[0024] The cryptography includes a secret-key cryp- 
tosystem and a public-key cryptosystem. 
[0025] The secret-key cryptosystem is a cryptosys- 
tem using the same crypt key for encryption and decryp- 
tion. While this cryptosystem requires only a short time 
forencryption or decryption, the secret-key is found, and 
thus, the cryption may be cryptanalized. 
[0026] The public-key cryptosystem is a cryptosystem 
in which a key for encryption is open to the public as a 
public-key and a key for decryption is not open to the 
public. The key for encryption is referred to as a public- 
key and the key for decryption is referred to as a private- 
key. To use this cryptosystem, it is necessary that a party 
for transmitting information encrypts the information 
with a public-key of a party for receiving the information 
and the party for receiving the information decrypts the 
information with a private-key not open to the public. 
While this cryptosystem requires relatively a long time 
for encryption or decryption, the private-key can hardly 



4 

be found and it is very difficult to cryptanalyze the cryp- 
tion. 

[0027] In the cryptography, a case of encrypting a 
plaintext M with a crypt key K to obtain a cryptogram C 
s is expressed as 

C = E(K, M) 

io and a case of decrypting the cryptogram C with the crypt 
key K to obtain the plaintext M is expressed as 

M = D(K, C). 

15 

[0028] The cryptosystem used for the present inven- 
tion uses a secret-key cryptosystem in which the same 
secret-key Ks is usedforencryptlon and decryption, and 
a public-key cryptosystem in which a public-key Kb is 
20 used for encryption of a plaintext and a private -key Kv 
is used for decryption of a cryptogram. 
[0029] Figure 1 shows a structure of the data copy- 
right management system disclosed in the prior Japa- 
nese Patent Application No. 237673/1994 in which the 
25 apparatus for data copyright management system of the 
present invention is used. 

[0030] In this system, encrypted data is two-way sup- 
plied in accordance with a request from the primary user 
4. 

30 [0031 ] This system uses the secret- key cryptosystem 
and the public-key cryptosystem as a cryptosystem. 
[0032] it is matter of course that this system can be 
applied when using a satellite broadcast, ground wave 
broadcast, CATV broadcast or a recording medium oth- 
35 er than a database as data supply means provided with 
advertisement requiring no charge or encryption. 
[0033] In this system, reference numeral 1 represents 
a database, 4 represents a primary user terminal, 5 rep- 
resents a secondary user terminal, 6 represents a terti- 
40 ary user terminal, and 7 represents an n-order user ter- 
minal. 

[0034] And 3 represents a copyright management 
center, 8, 9, and 1 0 represent a secondary copyright da- 
ta, tertiary copyright data, and n-order copyright data 
45 stored at the copyright management center 3, and 2 rep- 
resents a communication network such as a public tel- 
ephone line offered by a communication enterprise or a 
CATV line offered by a cable television enterprise. 
[0035] On the above arrangement, the database 1 , 
so primary user terminal 4, secondary user terminal 5, ter- 
tiary user terminal 6, n-order user terminal 7, and cop- 
yright management center 3 are connected to the com- 
munication network 2 and also they can be connected 
each other. 

55 [0036] In this figure, a path shown by a broken line 
represents a path for encrypted data, a path shown by 
a solid line represents a path of requests from each user 
terminal, a path shown by a one-dot chain line repre- 
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sents a path through which authorization information 
corresponding to a utilization request in each data and 
a crypt key are transferred, and a path shown by a two- 
dot chain line represents a path through which copyright 
information is transferred from the database or from the 
data to a next-order data within copyright management 
center. 

[0037] Each user who uses this system is previously 
entered in a database system and in this time, database 
utilization software is provided him. The database utili- 
zation software includes a program for decrypting an en- 
crypted copyright management program in addition to 
normal communication software such as data commu- 
nicating protocol. 

[0038] To use the database 1 , a primary user prepares 
primary-user authentication data Au1 , a first public-key 
Kb1, a first private-key Kv1 corresponding to the first 
public-key Kb1 , a second public-key Kb2, and a second 
private-key Kv2 corresponding to the second public-key 
Kb2, and accesses the database 1 from the primary user 
terminal 4 via the communication network 2. 
[0039] The database 1 receiving the primary-user au- 
thentication data Au1, first public-key Kb1 and second 
public-key Kb2 from the primary user confirms the pri- 
mary-user authentication data Au1 and transfers the 
confirmed primary-user authentication data Au1 to the 
secondary copyright management center 3 as the pri- 
mary user information Iu1. 

[0040] The database 1 prepares two secret-keys, that 
is, first secret-key Ks1 and second secret-key Ks2. 
[0041] In the prepared first secret-key Ks1 and sec- 
ond secret-key Ks2. the second secret-key Ks2 is also 
previously transferred to the copyright management 
center 3. 

[0042] As the result of the above transfer, a permit key 
corresponding to primary utilization, the primary user in- 
formation Iu1 , original copyright information IcO and the 
second secret-key Ks2 are stored in the copyright man- 
agement center 3. In this case, the original copyright in- 
formation IcO is used for copyright royalties distribution. 
[0043] When a primary user who desires data utiliza- 
tion accesses the database 1 from the primary user ter- 
minal 4, a data menu is transferred to him. In this case, 
information for charges may be displayed together with 
the data menu. 

[0044] When the data menu is transferred, the prima- 
ry user retrieves in the data menu to select the data M. 
In this case, the original copyright information IcO of the 
selected data M is transmitted to the copyright manage- 
ment center 3. The primary user selects permit key Kp1 
corresponding to the required form of the usage such 
as viewing, storing, copying, editing and transmitting of 
data. Permit key Kp1 is also transmitted to the copyright 
management center 3. 

[0045] Because viewing and storing of data are the 
minimum required forms of use for the primary user, 
these forms of use may be excluded from the choices 
as the minimum usage, and offering only copying, edit- 



ing and transmitting as the choices. 
[0046] The original data M0 is read out of the data- 
base 1 in accordance with a request of the primary user. 
The read original data M0 is encrypted by the first se- 
5 cret-key Ks1 : 

CmOksl = E(Ks1 , M0). 

10 [0047] The encrypted data CmOksl is provided with 
the uncrypted original copyright information IcO. 
[0048] The first secret-key Ks1 is encrypted by the 
first public-key Kb1 and the second secret-key Ks2 is 
encrypted by the second public-key kb2: 

15 

Cks1kb1 = E(Kb1, Ks1) 



2Q Cks2kb2 = E(Kb2, Ks2). 

[0049] While the copyright management program P is 
also encrypted by the second secret- key Ks2 

25 CpKs2 = E(Ks2, P), 

the copyright management program P must not always 
be encrypted by the second secret-key Ks2 but it may 

30 be encrypted by any other proper crypt key. 

[0050] The encrypted original data CmOksl , encrypt- 
ed copyright management program Cpks2, and two en- 
crypted secret-keys Cks1kb1 and Cks2kb2 are trans- 
ferred to the primary user terminal 4 via the communi- 

35 cation network 2, and charged, if necessary. 

[0051] It is possible to store the encrypted copyright 
management program Cpks2 such as in a ROM in the 
user terminal 4 instead of being supplied from the data- 
base 1 . 

40 [0052] The primary user receiving the encrypted orig- 
inal data CmOksl , two encrypted secret-keys Cks1kb1 
and Cks2kb2, and encrypted copyright management 
program Cpks2 from the database 1 decrypts the en- 
crypted first secret-key Cks1kb1 by the database utili- 

45 zation software using the first private-key Kv1 corre- 
sponding to the first public-key Kb1 : 

Ks1 =D(Kv1,Cks1kb1). 

50 

and decrypts the encrypted second secret-key Cks2kb2 
using the second private-key Kv2 corresponding to the 
second public-key Kb2: 

55 Ks2=D(Kv2,Cks2kb2). 

[0053] And the primary user decrypts the encrypted 
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copyright management program Cpks2 using the de- 
crypted second secret-key Ks2: 

P = D(Ks2, Cpks2). 

[0054] Finally, the primary user decrypts the encrypt- 
ed data CmOksl by the decrypted copyright manage- 
ment program P using the decrypted first secret-key 
Ks1: 

MO = D(Ks1 , CmOksl ) 

and uses the decrypted original data MO directly or data 
M1 as edited. 

[0055] As described above, the first private-key Kv1 
and second private-key Kv2 are crypt keys prepared by 
the primary user but not opened to others. Therefore, 
even if a third party obtains the data M, it is impossible 
to use the encrypted data M by decrypting it. 
[0056] Thereafter, to store, copy, or transmit the data 
M as the original data MO or the edited data M1, it is 
encrypted and decrypted by the second secret-key Ks2: 

Cmks2 = E(Ks2, M) 



M = D(Ks2, Cmks2). 

[0057] The decrypted second secret-key Ks2 is there- 
after used as a crypt key for encrypting/decrypting data 
when storing, copying, or transmitting the data. 
[0058] The first private-key Kv1 and second private- 
key Kv2 ( the first secret-key Ks1 and second secret-key 
Ks2, the data M, the copyright management program P, 
the original copyright inf ormation Ic, and also the original 
copyright information IcO and also copyright information 
Id for information of the primary user and edited date 
and time when edited the data by the primary user are 
stored in the primary user terminal 4. 
[0059] Moreover, it is further protected by attaching 
the copyright information Id to the data as copyright in- 
formation label, and adding the digital signature. 
[0060] The encrypted data Cmks2 is encrypted to be 
distributed. Since the copyright information label pro- 
vides a clue to obtain the second secret-key Ks2 which 
is the key for decryption, the second secret key Ks2 can- 
not be obtained in the case where the copyright infor- 
mation label is removed from the encrypted data 
Cmks2. 

[0061] When the encrypted data Cmks2 is stored in 
the primary user terminal 4, the second secret-key Ks2 
is stored in the terminal 4. However, when the encrypted 
data Cmks2 is not stored in the primary user terminal 4 
but is copied to the recording medium 11 or transmitted 
to the secondary user terminal 5 via the communication 



network2, the second secret-key Ks2 is disused in order 
to disable subsequent utilization of the data in the pri- 
mary user terminal 4. 

[0062] In this case, it is possible to set a limitation for 
repetitions of copying or transmitting of the data so that 
the second secret-key Ks2 is not disused within limited 
repetions of copying and transmitting of the data. 
[0063] The primary user who is going to copy the data 
M to the external recording medium 11 or transmit the 
data M via the communication network 2 must prepare 
the second secret-key Ks2 to encrypt the data M by this 
second secret- key Ks2 before copying or transmitting 
the data: 

Cmks2= E(Ks2,M). 

[0064] The uncrypted original copyright information 
IcO and primary-user copyright information Id are add- 
ed to the encrypted data Cmks2. 
[0065] Before using a database, a secondary user, 
similar to the primary user, prepares authentication data 
Au2 for authenticating the secondary user, a third public- 
key Kb3 and a third private-key Kv3 corresponding to 
the third public-key Kb3, a fourth public-key Kb4, and a 
fourth private-key Kv4 corresponding to the fourth pub- 
lic-key Kb4. 

[0066] The secondary user who desires secondary 
utilization of the copied or transmitted encrypted data 
Cmks2 must designate original data name or numberto 
the copyright management center 3 to request for sec- 
ondary utilization to the center 3 from the secondary us- 
er terminal 5 via the communication network 2. In this 
time, the secondary user also transfers the third public- 
key Kb3 and the fourth public-key Kb4 as well as the 
secondary user authentication data Au2, original copy- 
right information IcO and primary user copyright infor- 
mation Id . 

[0067] The copyright management center 3 receiving 
the secondary utilization requestfrom the secondary us- 
er confirms the secondary-user authentication data 
Au2, and transfers confirmed secondary-user authenti- 
cation data Au2 to the tertiary copyright data 9 as sec- 
ondary user information. 

[0068] When the secondary copyright information Id 
of the primary user is transferred, the secondary copy- 
right information Id is inquired to the secondary copy- 
right data 8, and then, it recognizes the secondary cop- 
yright information Id to be transferred to the tertiary 
copyright data 9. 

[0069] The secondary user selects permit key Kp2 
corresponding to the form of data usage such as view- 
ing, storing, copying, editing and transmitting of data. 
Permit key Kp2 corresponding to the selected usage is 
sent to the tertiary copyright data 9. 
[0070] Because viewing and storing of data are the 
minimum required forms of use for the secondary user, 
these forms of use may be excluded from the choices 
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as the minimum usage, offering only copying, editing 
and transmitting as the choices. 
[0071] The secondary copyright data 8 prepares a 
third secret-key Ks3. 

[0072] The prepared third secret-key Ks3 is trans- 5 
f erred to and stored in the tertiary copyright data 9. 
[0073] As the result of the above transfer, the permit 
key Kp2, primary user copyright information Id , primary 
user information Iu1, original copyright information IcO, 
secondary user information Iu2, and third secret-key 
Ks3 are stored in the tertiary copyright data 9. The per- 
mit key Kp2, primary user copyright information Id , and 
primary user information Iu1 are used for copyright roy- 
alties distribution. 

[0074] Hereafter similarly, permit key Kpn corre- 
sponding to n-order usage, copyright information for 
secondary exploitation right lcn-1 of (n-l)-order user, 
primary user information Iu1 , original copyright informa- 
tion IcO, n-order user Information lun, and n-th secret- 
key Ksn are stored in n-order copyright data 10. 
[0075] The permit key Kp2, primary user information 
Iu1, original copyright information IcO and second se- 
cret-key Ks2 are read out of the secondary copyright da- 
ta 8. The original copyright information IcO is used for 
copyright royalties distribution. 
[0076] The read second secret-key Ks2 and third se- 
cret-key Ks3 are encrypted by the third public-key Kb3 
and fourth public-key Kb4 of the secondary user respec- 
tively: 

Cks2kb3 = E(Kb3, Ks2) 



Cks3kb4 = E(Kb4, Ks3). 

[0077] The copyright management program P is en- 
crypted by the third secret-key Ks3: 

Cpks3 = E(Ks3, P). 

[0078] The encrypted copyright management pro- 
gram Cpks3, encrypted second secret- key Cks2kb3, 
and encrypted third secret-key Cks3kb4 are transferred 
to the secondary user terminal 5 via the communication 
network 2. In this case, charging is performed, if neces- 
sary. 

[0079] The secondary user receiving two encrypted 
secret-keys Cks2kb3 and Cks3kb4 and the encrypted 
copyright management program Cpks3 from the sec- 
ondary copyright data 8 decrypts the encrypted second 
secret-key Cks2kb3 by the third private-key Kv3, and 
decrypts the encrypted third secret-key Cks3kb4 by the 
fourth private-key Kv4 corresponding to the fourth pub- 
lic-key Kb4, using the database utilization software: 



Ks2=D(Kv3, Cks2kb3) 



Ks3 = D(Kv4, Cks3kb4). 

[0080] The encrypted copyright management pro- 
gram Cpks3 is decrypted by the decrypted third secret- 
key Ks3: 

P= D(Ks3, Cpks3). 

[0081] Then, the encrypted data Cmks2 is decrypted 
to use it by the decrypted second secret-key Ks2 using 
decrypted copyright management program P: 

M = D(Ks2, Cmks2). 

[0082] As described above, the third private-key Kv3 
and the fourth private-key Kv4 are prepared by the sec- 
ondary user but not opened to others. Therefore, even 
if a third party obtains the encrypted data Cmks2, it is 
impossible to use the data by decrypting it. 
[0083] Each user who uses above-mentioned system 
must previously be entered in a database system, and 
when entered in the system, software for database is 
supplied to the user. 

[0084] Because the software includes not only normal 
communication software such as a data communication 
protocol but also a program for decrypting a copyright 
management program by a first crypt-key, it is neces- 
sary to be protected. 

[0085] A first crypt-key K1 , a second crypt-key K2, 
and a copyright management program P are transferred 
to each user in order to use data M, and each user keeps 
these keys and the program. 

[0086] Further, the copyright information label, user 
information, the public-key and private-key in the public- 
key cryptosystem and the program containing algorithm 
for generating the secret-key are kept when needed. 
[0087] For keeping them, it is the simplest means to 
use a flexible disk. However, the flexible disk is easy in 
disappearance or alteration of data. 
[0088] Moreover, a hard disk drive is also unstable for 
disappearance or alteration of data though it is more sta- 
ble than the flexible disk. 

[0089] Recently, an IC card is spread in which an IC 
element is sealed in a card-like package. Particularly, 
standardization of a PC card with a microprocessor 
sealed in it is progressed as a PCMCIA card or JEIDA 
card. 

[0090] The data copyright management apparatus 
proposed by the inventor of the present invention et al. 
in the prior Japanese Patent application No. 
237673/1994 is described in Figure 2. 
[0091 ] The data copyright management unit 1 5 is con- 
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figured as a computer system, comprising a microproc- 
essor (CPU) 16, a local bus 17 of CPU 16, read only 
memory (ROM) 1 8 connected to local bus 1 7, and write/ 
read memory (RAM) 1 9, wherein the local bus 1 7 being 
connected to system bus 22 of the microprocessor 21 5 
of the user terminal 20. 

[0092] Moreover, a communication unit (COMM) 23 
which receives data from an external database and 
transfer data to the external database, a CD-ROM drive 
(CDRD) 24 which reads data provided by CD-ROM, a 
flexible disk drive (FDD) 25 which copies received or ed- 
ited data to a flexible disk drive to provide outside with 
such data, and a hard disc drive (HDD) 26 which stores 
data are connected to the system bus 22 in the user ter- 
minal 20. 

[0093] As a matter of course, ROM and RAM or the 
like are connected to the system bus 22 of the user ter- 
minal, however, it is not shown in the figure. 
[0094] Fixed information, such as software and user 
data, for utilizing the database is stored in ROM 18 of 
the data copyright management unit 1 5. 
[0095] A crypt-key and the copyright management 
program provided from the key control center or copy- 
right management center are stored in RAM 19. 
[0096] The process of decryption and re-encryption 
are performed by the data copyright management unit 
15, only of which results are transferred to the user ter- 
minal 20 via the local bus 17 and the system bus 21 of 
the user terminal. 

[0097] The data copyright management unit 1 5 is im- 
plemented as monolithic IC, hybrid IC, an expansion 
board, an IC card, or a PC card. 

Summary of the Invention 

[0098] In the present application, apparatus for data 
copyright management system, resulted from further 
implementation of the apparatus used in the user termi- 
nal proposed in the prior Japanese patent application 
No. 237673/1994, is proposed. 
[0099] The apparatus for data copyright management 
in the present invention is attached to the user terminal, 
which comprises central processing unit, central 
processing unit bus, read only semiconductor memory, 
electrically erasable programmable memory, and read/ 
write memory. 

[0100] Central processing unit, read only semicon- 
ductor memory, electrically erasable programmable 
memory, and read/write memory are connected to the 
central processing unit bus, and also system bus of a 
unit which utilizes the data can be connected to it. Data 
copyright management system program, a crypt algo- 
rithm, and user information are stored in the read only 
semiconductor memory, and a second private-key, per- 
mit key, second secret-key, and copyright information 
are stored in the electrically erasable programmable 
memory, wherein first public-key, first private-key, sec- 
ond public-key, and first secret-key being transferred to 



the read/write memory at the operation of the unit. If the 
copyright management program is provided from the 
outside, it is stored in the EEPROM. Otherwise, it is 
stored in ROM. 

[0101] As a form of the data copyright management 
apparatus, monolithic IC, hybrid IC, a thin IC card with 
special terminal, a PC card, and a board for insertion 
can be available. 

[01 02] In the data copyright management system de- 
scribed above as prior invention, while the obtained en- 
crypted data is decrypted for utilization of displaying/ed- 
iting, the obtained or edited data is re-encrypted to store/ 
copy/transfer so that no unauthorized use of the data 
can be available. 

[0103] Accordingly, in the apparatus used in the data 
copyright management system of the present invention, 
re-encryption of data, as well as decryption of data 
should be performed concurrently, however, those data 
copyright management apparatus described in the prior 
applications can perform only one process of either data 
decryption or data re-encryption. 
[0104] Thus, in the present application, a data copy- 
right management apparatus which, at the same time, 
can decrypt and re-encrypt data encrypted and supplied 
in order to manage copyright is proposed. 
[0105] For the purpose of that, data which was en- 
crypted and provided is decrypted and re-encrypted by 
adding at least one microprocessor, preferably 2 micro- 
processors; in addition to the microprocessor that con- 
trols the entire user terminal therein. When one micro- 
processor is added, one of the 2 microprocessors, one 
included in the user terminal or one added, will decrypt 
data and the other will re-encrypt data. 
[01 06] When 2 microprocessors are added, one of the 
added microprocessors will decrypt data, the other mi- 
croprocessor will re-encrypt data, and the microproces- 
sor of the user terminal will control the entire operation. 
[0107] Although the added microprocessors may be 
connected to system bus of the microprocessor in the 
user terminal, this configuration may not allow a multi- 
processor configuration to operate plural microproces- 
sors concurrently. 

[0108] Therefore, in the present application, a data 
copyright management apparatus as a multiprocessor 
configuration utilizing SCSI bus or PCI bus is proposed. 
[0109] Otherthan character data, digital data includes 
graphic data, computer program, digital audio data, still 
picture data of JPEG standard, and motion-picture data 
of MPEG standard. 

[0110] While the data works comprising these data 
are utilized by using various apparatus, it is necessary 
that these apparatus should also include the data cop- 
yright management function. 
[0111] Thus, in the present application, it is proposed 
that, as a form of use, these data copyright management 
apparatus and the data copyright management appara- 
tus described in the prior application are incorporated in 
various systems. 
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Brief Description of the Drawings 

[0112] Figure 1 is a block diagram of the data copy- 
right management system of the prior invention. 
[0113] Figure 2 is a block diagram of the data copy- s 
right management apparatus of the prior invention. 
[0114] Figure 3 is a block diagram of the data copy- 
right management apparatus of embodiment 1 of the 
present invention. 

[01 1 5] Figure 4 is a specific block diagram of the data 
copyright management apparatus of the embodiment 1 
of the present invention. 

[01 16] Figure 5 is a process flow chart of data copy- 
right management system related to the present inven- 
tion. 

[0117] Figure 6 is a block diagram of the data copy- 
right management system of the prior invention. 
[01 18] Figure 7 is a flow chart of a general edit proc- 
ess of digital data. 

[01 19] Figure 8 is a flow chart of encrypted data edit 
process of the present invention. 
[0120] Figure 9 is a block diagram of the data copy- 
right management apparatus of embodiment 2 of the 
present invention. 

[0121] Figure 1 0 is a block diagram of the data copy- 
right management apparatus of embodiment 3 of the 
present invention. 

[01 22] Figure 1 1 is a block diagram of the data copy- 
right management apparatus of embodiment 4 of the 
present invention. 

[01 23] Figure 1 2 is a block diagram of the data copy- 
right management apparatus of embodiment 5 of the 
present invention. 

[01 24] Figure 1 3 is a block diagram of the data copy- 
right management apparatus of embodiment 6 of the 
present invention. 

[0125] Figure 1 4 is a block diagram of the digital cash 
system as one example of use of the present invention. 
[01 26] Figure 1 5 is a block diagram of the video con- 
ference system as one example of use of the present 
invention. 

Detailed Description of the Preferred Embodiments 

[0127] The detailed embodiments of the present in- 
vention are described below with reference to the draw- 
ings. 

[0128] The embodiment 1 of the data copyright man- 
agement apparatus related to the present invention is 
shown in a block diagram of Figure 3. 
[0129] The data copyright management unit 30 in- 
cludes electrically erasable programmable memory 
(EEPROM) 31 in addition to the components of the data 
copyright management unit 15 described in the prior ap- 
plication No. 237673/1994. 

[0130] The data copyright management unit 30 is a 
computer system having CPU 16, local bus 17 of CPU 
16, ROM 18 connected to local bus 17 ; RAM 19, and 
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EEPROM 31 , wherein local bus 1 7 being connected to 
the system bus 22 of the microprocessor 21 in the user 
terminal 20. 

[0131] Moreover, communication unit (COMM) 23 
which receives data from external database and trans- 
fers data outside, CD-ROM drive (CDRD) 24 which read 
data provided by CD-ROM, a flexible disc drive (FDD) 
25 which copies data received or edited in order to sup- 
ply to the outside, and hard disk drive (HDD) 26 which 
stores data are connected to the system bus 22 of the 
user terminal 20. 

[0132] Further, ROM and RAM are connected to the 
system bus 22 of the user terminal, however, it is not 
shown in the figure. 

[0133] Fixed information such as a data copyright 
management program, a cryptography program based 
on crypt algorithm, and user data are stored in ROM 1 8. 
[0134] A crypt-key and copyright information are 
stored in EEPROM 31 . Further, when data copyright 
management program and cryptography program are 
supplied from outside such as from database, they are 
stored in EEPROM 31, rather than in ROM 18. 
[0135] The data copyright management unit 30 per- 
forms the process of decryption or re-encryption, only 
the result of which are transferred to the user terminal 
20 via local bus 1 7 and system bus 22. 
[0136] The data copyright management unit 30 is im- 
plemented as a monolithic IC, a hybrid IC, an expansion 
board, an IC card, or a PC card. 
[0137] Fixed data such as a data copyright manage- 
ment program, a cryptography program based on crypt 
algorithm, and user data are stored in ROM 18 of the 
data copyright management unit 30 in the embodiment 
1. 

[0138] Further, a program for generating secret-keys 
based on secret-key algorithm of not secret, a decryp- 
tion program, and a re-encryption program may be 
stored in ROM 18. 

[0139] A crypt-key and copyright information are 
stored in EEPROM 31. Moreover, when the copyright 
management program and the encryption program are 
supplied from the outside such as database, they are 
stored in EEPROM 31, rather than ROM 18. Still more, 
the EEPROM is not necessarily required and may be 
omitted. 

[0140] Either one of the first crypt-key or the second 
crypt-key supplied from the key control center or copy- 
right management center, and data copyright manage- 
ment system program are stored in RAM 1 9. 
[0141] On the other hand, information such as soft- 
ware and the user data required by MPU 46 in the user 
terminal 20 are supplied to the user terminal 20 by the 
software, and stored in RAM of the user terminal 20. 
[0142] Besides, either one of the first crypt-key or the 
second crypt-key supplied from the key control center 
or the copyright management center, and the data cop- 
yright management system program are stored in RAM 
of the user terminal unit 20. 



15 



20 



25 



30 



35 



40 



45 



50 



8 



15 



EP 0 715 241 B1 



16 



[0143] The process of decryption and re-encryption 
are shared by MPU 46 of the main body of the user ter- 
minal 20 and CPU 1 6 of the data copyright management 
unit 30; one encrypts data and the other decrypts data, 
and only the processed results of the data copyright s 
management unit 30 are transferred to the user termi- 
nal. 

[01 44] The specific internal structure of the data cop- 
yright management unit 30 in Figure 3 is shown in Figure 
4. 

[0145] A microcomputer (CPU) 16, read only semi- 
conductor memory (ROM) 18, write/read memory 
(RAM) 19, and electrically erasable programmable 
memory (EEPROM) 31 are enclosed in the data copy- 
right management unit 30 : and are connected to micro- 
computer bus 17 of the microcomputer 16, the micro- 
computer bus 17 being further connected to system bus 
22 of the user terminal 20 main body. 
[0146] The data copyright management system pro- 
gram, crypt algorithm, and the user information are 
stored in the read only semiconductor memory 18. 
[0147] Inside of the electrically erasable programma- 
ble memory 31 is divided into three areas. 
[0148] In the first area 35, the first public-key Kb1 , the 
first private-key Kv1 , the second public-key Kb2, and the 
second private-key Kv2 are stored. 
[0149] In the second area 36, the copyright manage- 
mentprogram P. the first secret-key Ks1 as a permit key 
in the primary use such as view permit/store permit/copy 
permit/edit permit/transfer permit, and the second se- 
cret key Ks2 as a permit key in the secondary use such 
as view permit/store permit/copy permit/edit permit/ 
transfer permit are stored. 

[0150] Further, in some case where the copyright 
management program is not supplied form the outside, 
but preset in the user side, the copyright management 
program is stored in the read only memory 18, rather 
than in the second area 36 of the electrically erasable 
programmable memory 31 . 

[01 51] In the third area 37, copyright information such 
as the original copyright information and the secondary 
copyright information, and an access control key are 
stored. 

[0152] As in the case of the electrically erasable pro- 
grammable memory 31 , inside of the write/read memory 
1 9 is divided into three areas. 
[01 53] In the first area 32, the first public-key Kb1 , the 
first private-key Kv1 , and the second public-key Kb2 are 
stored during operation. 

[0154] In the second area 33, the first secret-key Ks1 
as a permit key in the primary utilization such as view 
permit/store permit/copy permit/edit permit/transfer per- 
mit is stored during operation. 
[0155] In the third area 34, an access control key is 
stored during operation. 

[0156] The user terminal attached with the data cop- 
yright management apparatus is reliable since it per- 
forms all the process for utilizing data within the data 



copyright management unit related to the present inven- 
tion, so that only the results are transferred to the user 
terminal for various utilization. 
[01 57] When picture data containing large amount of 
information is transmitted/received, original data is 
transmitted after being compressed in order to reduce 
the amount of data and the compressed data is expand- 
ed after reception to utilize it. In this case, data copyright 
may be managed by encryption. 
[0158] In Figures, an example of data copyright man- 
agement flow when encrypted data is digital picture 
compressed in JPEG standard or MPEG standard. The 
flow is divided into transmitting side flow and receiving 
side flow with a transmit line in between, and the receiv- 
ing side flow is further divided into display flow and stor- 
age flow. 

[0159] Thesignal process in the transmitting side con- 
sists of process preparing digital picture and process 
processing the digital picture prepared. In this process, 
if an original picture is the digital picture 41 , It proceeds 
to next process. If an original image is an analog picture 
40, digitizing process 42 is performed. 
[0160] The digital picture is compressed 43 first by 
given standard such as JPEG standard, or MPEG 
standard, then the compressed digital data is encrypted 
44 using the first secret-key. 

[01 61 ] The picture data signal processed in transmit- 
ting side is transmitted through transmission line 45 
such as satellite broadcasting wave, terrestrial broad- 
casting wave, CATV wave, or public telephone line/IS- 
DN line. 

[0162] Further, recording media such as a digital vid- 
eo tape, a digital video disk, or CD-ROM may be used 
as the transmission line. 

[01 63] Thus the picture data transmitted to the receiv- 
ing side is decrypted 46 first using the first secret key, 
then the compressed picture data is expanded 47 to be 
displayed 49. When the display is a digital data display 
unit, it is directly displayed, however, when it is an ana- 
log data display unit, it is converted to analog data 48. 
[0164] When data is stored in hard disk, flexible disk, 
optical magnetic disk, writable video disk or the like, it 
is stored after being re-encrypted 50 using the second 
secret key. 

[0165] In displaying again the picture data re-encrypt- 
ed and stored, it is re-decrypted 52 using the second 
secret key and displayed 49. If the display unit is a digital 
data display unit, it is directly displayed, however, if it is 
an analog data display unit, it is converted to analog data 
48. 

[0166] Moreover, for data compression/expansion 
means and transmission path, appropriate ones com- 
patible with the data are used. 
[0167] Figure 6 shows an example of the data copy- 
right management system disclosed in the prior Japa- 
nese Patent Application No. 237673/1994. This system 
uses the secret-key system as a cryptosystem. 
[0168] In the case of this system, reference numeral 
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1 represents a database in which text data, binary data 
serving as a computer graphic display or a computer 
program, digital audio data, and digital picture data are 
stored by being encrypted, 14 represents a space sat- 
ellite such as a communications satellite or a broadcast- 5 
ing satellite, 1 5 represents a data recorder such as a 
CD-ROM or a flexible disk, 2 represents a communica- 
tion network such as a public telephone line offered by 
a communication enterprise or a CATV line offered by a 
cable television enterprise, 4 represents a primary user 
terminal, and 16 represents a key control center for 
managing a secret-key, and 1 7 represents a copyright 
management center for managing a data copyright. 
[0169] Reference numerals 5, 6, and 7 represent a 
secondary user terminal, a tertiary user terminal, and n- 
order user terminal respectively, and 11,12, and 13 rep- 
resent a secondary disk, tertiary disk, and n-order disk 
serving as a recording medium such as a flexible disk 
or CD-ROM respectively. The symbol "n" represents an 
optional integer. When V is larger than 4, a correspond- 
ing user terminal and a corresponding disk are arranged 
between the tertiary user terminal 6 and the n-order user 
terminal 7 and between the tertiary disk 12 and the n- 
order disk 13 respectively. 

[0170] On the above arrangement, the database 1, 
key control center 1 6, copyright management center 1 7, 
primary user terminal 4, secondary user terminal 5, ter- 
tiary user terminal 6, and n-order user terminal 7 are 
connected to the communication network 2. 
[0171] In this figure, the path shown by a broken line 
is a path of encrypted data, a path shown by a solid line 
is a path of requests from each user terminal, and a path 
shown by a one-dot chain line is a path through which 
authorization information corresponding to a utilization 
request and a secret-key are transferred. 
[0172] Moreover, each user who uses this system is 
previously entered in the database system. When the 
user is entered in the system, a database utilization soft- 
ware is given to the user. The database utilization soft- 
ware includes not only normal communication software 
such as a data communication protocol but also a pro- 
gram for running a copyright management program. 
[0173] Original data M0 of text data, binary data as a 
computer graphic display or computer program, digital 
audio data, or digital picture data stored in the database 
1 or data recording medium 15 is one-way supplied to 
the primary user terminal 4 via the communication net- 
work 2, satellite 14 or recording medium 15. 
[0174] In this case, the data is encrypted with a first 
secret-key Ks1 : 

CmOksl = E(Ks1, M0). 

[01 75] Even if data provided with advertisement to be 
offered free of charge, it is necessary to be encrypted 
in order to protect the copyright. 
[0176] It is disclosed in the Japanese Patent Applica- 



tion No. 64889/1994 which is the prior application that 
the data utilization includes not only displaying of data 
which is the most basic usage but also storing, editing, 
copying, and transmitting of the data, a use permit key 
is prepared which corresponds to one or several forms 
of usage, and its management is executed by the cop- 
yright management program. 

[01 77] Moreover, it is described there that data is en- 
crypted again by the copyright management program for 
use such as storing, copying, editing and transmitting of 
the data other than displaying of the data and displaying 
for editing the data. 

[0178] In other words, the data whose copyright is 
claimed is encrypted to be distributed, and only when 
the data is displayed or displayed for editing the data in 
a user terminal having a copyright treatment function, 
the data is decrypted to a plaintext. 
[01 79] This system disclosed in Japanese Patent Ap- 
plication No. 237673/1994 uses the method described 
in the prior application No. 64889/1994. 
[01 80] A primary user who desires primary utilization 
of the supplied encrypted data CmOksl requests for pri- 
mary utilization of the encrypted original data CmOksl 
by designating the original data name or the original da- 
ta number to the key control center 16 via the commu- 
nication network 2 from the primary user terminal 4. In 
this case, the primary user must present information Iu1 
for primary user to the key control center 1 6. 
[0181] The key contra I center 1 6 receiving the primary 
utilization request from the primary user terminal 4 
transfers first secret-key Ks1 for decrypting the encrypt- 
ed original data CmOksl obtained from the database 1 
by the primary user and second secret-key Ks2 for re- 
encrypting the decrypted original data M0 or edited data 
M1 from the original data, together with a copyright man- 
agement program P via the communication network 2 
to the primary user terminal 4. 

[0182] In the primary user terminal 4 receiving the first 
secret-key Ks1 as a decryption key and the second se- 
cret-key Ks2 as an encryption/decryption key, the en- 
crypted original data CmOksl is decrypted by the first 
secret-key Ks1 using the copyright management pro- 
gram P 

M0=D(Ks1, CmOksl) 

to use the decrypted original data M0 directly or data M1 
as edited. 

[01 83] When the data M which is the original data M0 
or edited data M1 is stored in a memory or a built-in hard 
disk drive of the primary user terminal 4, only the primary 
user can use the data. However, when the data M is cop- 
ied to the external recording medium 11 such as a flex- 
ible disk or transmitted to the secondary user terminal 
5 via the communication network 2, a problem of a cop- 
yright due to secondary utilization occurs. 
[0184] When the original data M0 obtained by the ph- 



is 



20 



25 



30 



35 



40 



45 



50 



10 



19 



EP 0 715 241 B1 



20 



mary user is directly copied and supplied to a secondary 
user, the copyright of the primary user is not effected on 
the data MO because the original data MO is not modified 
at all. However, when the primary user produces new 
data M1 by editing the obtained data MO or by using 
means such as combination with other data, the copy- 
right of the primary user, i.e., secondary exploitation 
right occurred from secondarily utilizing original data, is 
effected on the data M1 . 

[0185] Similarly, when a secondary user produces 
new data M2 by editing the original data MO or edited 
data M1 obtained from the primary user or by means 
such as combination of other data, the copyright of the 
secondary user; i.e., secondary exploitation right on the 
secondary user is also effected. 
[01 86] I n this system, to correspond to the problem of 
the copyright, the data M is encrypted by the second 
secret-key Ks2 using the copyright management pro- 
gram P when the data M is stored, copied, or transmit- 
ted. Thereafter, in the primary user terminal 4, the data 
M is decrypted and encrypted by the second secret-key 
Ks2: 

Cmks2 = E(Ks2, M) 



M = D(Ks2, Cmks2). 

[0187] It is free in principle that the primary user dis- 
plays and edits data to obtain edited data. In this case, 
however, it is possible to limit the repetitions of the op- 
eration by the copyright management program. 
[0188] When the data M is copied to the external re- 
cording medium 11 or transmitted via the communica- 
tion network 2, the first secret-key Ks1 and the second 
secret-key Ks2 in the primary user terminal 4 are dis- 
used by the copyright management program P. There- 
fore, when reusing the data M , the primary user requests 
for utilization of the data M to the key control center 16 
to again obtain the second secret-key Ks2. 
[01 89] The fact that the user receives the regrant of 
the second secret- key Ks2 represents secondary utili- 
zation of data in which the data M has been copied to 
the external recording medium 11 or transmitted to the 
secondary user terminal 5 via the communication net- 
work 2. Therefore, the fact is entered in the copyright 
management center 17 from the key control center 16 
and subsequent secondary utilization comes possible. 
[01 90] The data M is moved from the primary user ter- 
minal 4 to the secondary user terminal 5 by the external 
recording medium 11 or the communication network 2. 
When the data M is copied to the external recording me- 
dium 11 or transmitted via the communication network 
2, it is encrypted by the second secret-key Ks2. 
[0191] When the data M is copied to the external re- 
cording medium 11 or transmitted via the communica- 
tion network 2, the first secret-key Ks1 and the second 



secret-key Ks2 in the primary user terminal 4 are dis- 
used. In this time, uncrypted primary user information 
Iu1 is added to the encrypted data Cmks2 stored in the 
primary user terminal 4 and when the encrypted data 

5 Cmks2 is transmitted to the secondary user, the primary 
user information Iu1 is also transferred. 
[0192] A secondary user who desires secondary uti- 
lization of the encrypted dataCmks2 copied or transmit- 
ted from the primary user must designate original data 

10 name or data number to the copyright management 
center 17 via the communication network 2 by the sec- 
ondary user terminal 5 and also present the secondary 
user information Iu2 to request for secondary utilization 
of the data Cmks2 to the center 1 7. In this time, the sec- 

15 ondary user further presents the uncrypted primary user 
information Iu1 added to the encrypted data Cmks2 in 
order to clarify the relationship with the primary user. 
[01 93] The copyright management center 1 7 confirms 
that the primary user has received a regrant of the sec- 

20 ond secret-key Ks2 for secondary-utilizing the data, in 
accordance with the presented primary user information 
Iu1 and then, transfers the second secret-key Ks2 serv- 
ing as a decryption key and the third secret-key Ks3 
serving as an encryption/decryption key to the second- 

25 any user terminal 5 via the communication network 2. 
[0194] In the secondary user terminal 5 receiving the 
second secret-key Ks2 and the third secret-key Ks3 ; the 
encrypted data Cmks2 is decrypted using the second 
secret-key Ks2 by the copyright management program 

30 p 

M = D(Ks2, Cmks2) 

35 and is secondarily utilized such as being displayed or 
edited. 

[0195] In this system, the key control center 1 6 proc- 
esses a primary utilization requests and the copyright 
management center 17 processes a secondary utiiiza- 

40 tion requests. While the data M supplied to a primary 
user is encrypted by the first secret-key Ks1 , the data M 
supplied to a secondary user is encrypted by the second 
secret- key Ks2. Moreover, the first secret-key Ks1 and 
the second secret-key Ks2 are transferred to the primary 

45 user as crypt keys from the key control center 1 6. 
[01 96] Therefore, if the secondary user, instead of the 
primary user, falsely requests for primary utilization to 
the key control center 16, the first secret-key Ks1 for 
decryption and the second secret-key Ks2 for encryp- 

so tion/decryption are transferred to the secondary user. 
However, the secondary user cannot decrypt the en- 
crypted data Cmks2 by using the first secret- key Ks1 
transferred as a decryption key. 
[01 97] Therefore, it is impossible to falsely request for 

ss data utilization and resultingly, not only the original cop- 
yright of data but also the copyright of the primary user 
on the data are protected. 

[0198] When storing, copying, or transmitting of the 



11 



21 



EP 0 715 241 B1 



22 



data M other than displaying and displaying for editing 
is performed in the secondary user terminal 5, the data 
M is encrypted using the third secret-key Ks3 by the cop- 
yright management program P and thereafter, the data 
is decrypted and encrypted by the third secret-key Ks3: 5 

Cmks3 = E(Ks3, M) 



M = D(Ks3, Cmks3). 

[01 99] Moreover, it is free in principle that the second- 
ary user displays and edits data to obtain the edited data 
M2. In this case : it is possible to limit the repetitions of 
the operation by the copyright management program P. 
[0200] When the data M is copied to the external re- 
cording medium 12 or transmitted via the communica- 
tion network 2, the second secret-key Ks2 and the third 
secret-key Ks3 in the secondary userterminal 5 are dis- 
used by the copyright management program P. There- 
fore, when reusing the data M, the secondary user re- 
quests for the utilization of the data to the copyright man- 
agement center 1 7 to again obtain the third secret-key 
Ks3. 

[0201] The fact that the secondary user receives a re- 
grant of the third secret-key Ks3 represents secondary 
utilization of data in which the data M has been copied 
to the external recording medium 12 or transmitted to 
the tertiary user terminal 6 via the communication net- 
work 2. Therefore, the fact is entered in the copyright 
management center 17 and allows subsequent data 
use. 

[0202] The data M is moved from the secondary user 
terminal 5 to the tertiary userterminal 6 by the external 
recording medium 12 or by the communication network 
2. When the data M is copied to the external recording 
medium 12 or transmitted via the communication net- 
work 2, it is encrypted by the third secret-key Ks3. 
[0203] When the data M is copied to the external re- 
cording medium 1 2 or transmitted to the tertiary userter- 
minal 6 via the communication network 2, the second 
secret-key Ks2 and the third secret- key Ks3 in the sec- 
ondary userterminal 5 are disused. In this case, the un- 
crypted secondary user information Iu2 is added to the 
encrypted data Cmks3 stored in the secondary userter- 
minal 5, and when the encrypted data Cmks3 is trans- 
mitted to a tertiary user, the secondary user information 
Iu2 is also transferred. 

[0204] In adding each user information to data, there 
are two cases: a case in which every information is add- 
ed to data whenever it is copied or transmitted; and an- 
other in which the history updated whenever the data is 
copied or transmitted is stored in the copyright manage- 
ment center. 

[0205] A tertiary user who desires tertiary utilization 
of the encrypted data Cmks3 copied ortransmitted from 
the secondary user must designate original data name 



or number to the copyright management center 1 7 from 
a tertiary user terminal 6 via the communication network 
2 and also presents the tertiary user information Iu3 to 
request for tertiary utilization of the data. In this time, the 
tertiary user further presents the uncrypted secondary 
user information Iu2 added to the encrypted data Cmks3 
in order to clarify the relationship with the secondary us- 
er. 

[0206] The copyright management center 1 7 confirms 
that the secondary user has received a regrant of the 
third secret-key Ks3 for preparation of tertiary-utilizing 
the data, in accordance with the presented secondary 
user information Iu2 and then, transfers the third secret- 
key Ks3 serving as a decryption key and fourth secret- 
keyKs4 serving as an encryption/decryption key to the 
tertiary user terminal 6 via the communication network 
2. 

[0207] In the tertiary userterminal 6 receiving the third 
secret-key Ks3 and the fourth secret-key Ks4, the en- 
crypted data Cmks3 is decrypted using the third secret- 
key Ks3 by the copyright management program P 

M = D(Ks3, Cmks3) 

and is tertiarily utilized such as being displayed or edit- 
ed. 

[0208] In this system, the data M supplied to the pri- 
mary user is encrypted by the first secret-key Ks1 and 
the data M supplied to the secondary user is encrypted 
by the second secret-key Ks2, and the data M supplied 
to the tertiary user is encrypted by the third secret-key 
Ks3. 

[0209] Therefore, if the tertiary user, instead of the pri- 
mary user, falsely requests for primary utilization to the 
key control center 16, the first secret-key Ks1 for de- 
cryption and the second secret-key Ks2 for encryption/ 
decryption are transferred to the tertiary user. However, 
it is impossible to decrypt the encrypted data Cmks3 by 
the first secret-key Ks1 transferred as a decryption key. 
Moreover if the tertiary user instead of the secondary 
user, falsely requests for secondary utilization to the 
copyright management center 17, the second secret- 
key Ks2 and the third secret-key Ks3 are transferred to 
the tertiary user as a decryption key and an encryption/ 
decryption key respectively. However, it is impossible to 
decrypt the encrypted data CmKs3 by the second se- 
cret-key Ks2 transferred as a decryption key. 
[021 0] Therefore, it is impossible to falsely request for 
data utilization. As a result, not only the original copy- 
right of the data but also the copyrights of the primary 
and secondary users on the data are protected. 
[0211] The same procedure is applied to quaternary 
and subsequent utilization. 

[0212] In the above described system, the database 
1, key control center 16, and copyright management 
center 1 7 are separately arranged. However, it is not al- 
ways necessary to arrange them separately. It is also 
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possible to set all of or proper two of them integrally. 
[0213] Moreover, it is also possible to request for a 
regrant of the secondary secret-key from the primary us- 
er not to the key control center 1 6 but to the copyright 
management center 17. 

[0214] In Figures 7(a) and 7(b), signal process flow in 
data edit method of digital video or digital audio is 
shown. An edit flow generally processed is shown in 7 
(a) and an edit flow 7(b) which can avoid deterioration 
of signals. 

[0215] In the edit flow shown in 7(a), signals supplied 
as digital signals 61 are converted to analog signals 62, 
the analog signals are then edited while being displayed 
64, and the analog signals completed editing are re-dig- 
itized 65 to be stored, copied, and transferred 66. 
[0216] Though this process may be simple, it can not 
avoid deterioration of signals since signal is edited in 
analog and re-digltized after completion of editing. 
[0217] The edit flow shown in 7(b), digital signals 61 
are converted to analog signals 62 to be displayed. 
While the analog signals 62 are used in editing 63, the 
analog signals are used only for displaying 64 rather 
than for storing, copying, transferring. 
[021 8] Signals for storage, copy, and transfer are ed- 
ited 67, copied, and transferred 66 in the form of digital 
signals 61 correspond to signals displayed in analog. 
[0219] In the case of this edit flow, there is no deteri- 
oration of signals since digital signals which are stored, 
copied, and transferred are never converted to analog 
signals. 

[0220] Figures 8(a) and 8(b) illustrate flow examples 
when editing encrypted data to which signal process in 
data editing method of digital video or digital audio 
shown in Figure is applied. 8(a) shows a simplified sig- 
nal processing flow and 8(b) shows a signal processing 
flow which allows sufficient copyright management. 
[0221] In the signal processing flow shown in (a), the 
original data 71 CmOksl , encrypted using the first se- 
cret-key Ks1 and supplied is initially decrypted 72 using 
the first secret key Ks1 : 

M0=D (Ks1, CmOksl ) ( 

and the decrypted data M0 is then edited 73 while being 
displayed 74. The data M1 completed editing is re-en- 
crypted 75 using the second secret key Ks2: 

Cm1ks2=E(Ks2 J M1) 

and stored, copied, and transferred 76. 

[0222] Though the process may be simple, copyright 

can not be properly managed since there is possibility 

that the decrypted data might be stored, copied, or 

transferred due to the data editing process in decrypted 

form. 

[0223] On the other hand, in the signal processing 



flow shown in 8(b), the original data 71 CmOksl, en- 
crypted using the first secret key Ks1 is decrypted 72 
using the first secret-key Ks1 : 

5 M0=D(Ks1, CmOksl) 

the decrypted data M0 is displayed 74. 
[0224] While, the encrypted data CmOksl is edited 
10 73, lead by the decrypted data MO, and the original data 
M0 for storage or the edited data M1 are re-encrypted 
using the second secret-key: 

Cm0ks2=E (Ks2, M0) 



Cm1ks2=E(Ks2, M1) 

20 the encrypted data Cm0ks2 or Cm1 ks2 is stored, cop- 
ied, and transferred 76. 

[0225] Without being decrypted corresponding to the 
decrypted and displayed data, it is edited 77 in the en- 
crypted form, and the edition program and the data still 
25 encrypted are used for store, copy, transfer 76. 

[0226] In the case of this signal processing flow, the 
decrypted data are never stored, copied, or transferred 
since the data for storage, copy, transfer remains en- 
crypted. 

30 [0227] In the data copyright management system 
which applies the data copyright management appara- 
tus of the present invention, while data is decrypted for 
utilization when the obtained encrypted data are dis- 
played/edited, data copyright is managed by encrypting 

35 data when obtained or edited data is stored/copied/ 
transferred. 

[0228] However, the data copyright management unit 
1 5 of the prior invention shown in Figure 2 and the data 
copyright management unit 30 of the present invention 

40 described in Figure 3 can perform only one process of 
decryption of encrypted data or encryption of decrypted 
data. When decrypted or edited data is stored/copied/ 
transferred, therefore, it is necessary to store data in the 
userterminal or RAM of the data copyright management 

45 apparatus to re-encrypt the stored data afterwards. 
Thus, there is a possibility that decrypted or edited data 
might be lost due to accident or misoperation as well as 
posing limitation in volume to the data that can be proc- 
essed. 

so [0229] With the exception of some high -class MPU, 
general MPU used in personal computers does not take 
into account the multiprocessor configuration which al- 
lows concurrent operation of plural microcomputers. 
Therefore, plural operations can not be performed at the 

55 same time, although accessory units are connected to 
the system bus of the personal computer. 
[0230] Accordingly, to connect the data copyright 
management unit 15 shown in Figure 2 or the data cop- 
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yright management unit 30 shown in Figure 3 to the sys- 
tem bus 22 of the user terminal 20 never provides mul- 
tiprocessor function that enables concurrent operation 
of MPU 21 or 46 and CPU 16, and the processes of de- 
cryption of encrypted data and re-encryption of decrypt- 
ed data are performed alternately, not concurrently. 
Thus, a large amount of data can not be processed since 
the data to be encrypted and decrypted is limited by the 
capacity of RAM. Further, it is impossible to increase the 
processing speed, even if the amount of data is not 
large. 

[0231] On the other hand, in the data copyright man- 
agement system described as the prior application, en- 
crypted data obtained is decrypted to use for displaying 
or editing, and when the obtained or edited data is 
stored, copied, or transferred, it is re-encrypted in order 
to prevent unauthorized utilization of the data. There- 
fore, It is desirable that the apparatus in the data copy- 
right management system of the present invention per- 
forms not only decryption but also re-encryption of data 
at the same time. 

[0232] Recently, a PCI (Peripheral Component Inter- 
connect) bus has attracted attention as means for im- 
plementing a multiprocessorconfiguration of typical per- 
sonal computer. 

[0233] The PCI bus is a bus for external connection 
connected to a system bus of personal computer via a 
PCI bridge, and allows to implement a multiprocessor 
configuration. 

[0234] Figure 9 shows embodiment 2 of this invention, 
which is a configuration of data copyright management 
apparatus using a PCI bus and the same configuration 
of data copyright management unit 15 as shown in Fig- 
ure 3, that is, a computer configuration having a CPU 
16, a local bus 17 for the CPU 16, and ROM 18, RAM 
19, and EEPROM 31 connected to the local bus 17. 
[0235] In a userterminal 20, a PCI bus 81 is connect- 
ed to a system bus 22 for a microprocessor 21 via a PCI 
bridge 82 and the local bus 17 for the CPU 1 6 of a data 
copyright management apparatus 80 is connected to 
the PCI bus 81 . Also connected to the system bus 22 of 
the user terminal 20 are a communications device 
(COMM) 23 which receives data from external databas- 
es and transfers data to the external of the terminal, a 
CD-ROM drive (CDRD) 24 which reads data supplied 
on CD-ROM, a flexible disk drive (FDD) 25 which copies 
received or edited data to supply to the external of ter- 
minal, and hard disk drive (HDD) 26 used forstoring da- 
ta. COMM 23, CDRD 24, FDD 25, and HDD 26 may also 
be connected to the PCI bus 81 . 
[0236] While ROM, RAM etc., of course, are connect- 
ed to the system bus 22 of the userterminal, these are 
not shown in Figure 9. 

[0237] Configurations and operations of other parts 
are the same as embodiment 1 shown in Figure 3, and 
further explanation of them will be omitted. 
[0238] A decryption task is performed by the M PU 21 
of the user terminal 20 and an encryption task is per- 



formed by the CPU 16 of the data copyright manage- 
ment apparatus 80 at the same time, and vice versa. 
Since the configuration of the MPU 21 and CPU 16 in 
this embodiment is a multiprosessor configuration which 

5 performs parallel processing with a PCI bus, high 
processing speed can be achieved. 
[0239] Other typical means for attaching external de- 
vices to a personal computer include SCSI (Small Com- 
puter System Interface), which is used for the connec- 

10 tion of external storage medium such as hard disk drives 
and CD-ROM drives. 

[0240] Up to eight devices, including the personal 
computer itself to which SCSI is attached, can be con- 
nected to SCSI, and a plurality of computers may be in- 
15 eluded in the eight devices. Each of these computers 
can play an equivalent role, in other words. SCSI func- 
tion as not only an interface but also a multiprocessor 
bus. 

[0241] Taking advantage of this function of SCSI, em- 
20 bodiment 3 connects a data copyright management ap- 
paratus 85 to the system bus 22 of a user terminal 20 
via SCSI 86 (hereinafter called the "SCSI bus", for clear 
understanding) instead of the PCI bus 81 in embodiment 
2. 

25 [0242] Figure 10 shows a configuration block diagram 
of a data copyright management apparatus of embodi- 
ment 3 which uses and SCSI bus according to the 
present invention. 

[0243] In embodiment 3, the configuration of the data 

30 copyright management apparatus 85 is the same as the 
data copyright management apparatus shown in Figure 
3, that is, the apparatus has a CPU 16, a local bus 17 
for the CPU 1 6, and ROM 1 8, RAM 1 9, and EEPROM 
31 connected to the local bus 17. 

35 [0244] On the other hand, an SCSI bus 86, which is 
controlled by an SCSI controller (SCSICONT) 87, is 
connected to a system bus 22 for a microprocessor 21 
of a user terminal 20. and the local bus 1 7 for the CPU 
1 6 of a data copyright management apparatus 85 is con- 

40 nected to this SCSI bus 86. 

[0245] Also connected to the system bus 22 of the us- 
er terminal 20 are acommunications device (COMM) 23 
which receives data from external databases and trans- 
fers data to the external of the terminal, a CD- ROM drive 

45 (CDRD) 24 which reads data supplied on CD-ROM, a 
flexible disk drive (FDD) 25 which copies received or ed- 
ited data to supply to the external of terminal, and hard 
disk drive (HDD) 26 used for storing data. COMM 23. 
CDRD 24, FDD 25, and HDD 26 may also be connected 

so to the SCSI bus 86. 

[0246] While ROM, RAM etc., of course, are connect- 
ed to the system bus 22 of the user terminal, these are 
not shown in Figure 10. 

[0247] Configurations and operations of other parts 
55 are the same as embodimnt 1 shown in Figure 3, and 
further explanation of them will be omitted. 
[0248] A decryption task is performed by the MPU 21 
of the user terminal 20 and a encryption task is per- 
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formed by the CPU 16 of the data copyright manage- 
ment apparatus 85 at the same time, and vice versa. 
Since the configuration of the MPU 21 and CPU 16 in 
this embodiment is a muitiprosessorconfigu ration which 
performs parallel processing with an SISI bus 86, high 5 
processing speed can be achieved. 
[0249] Other means for implementing a multiproces- 
sor configuration, such as SCI (Scalable Coherent In- 
terface), may be used, and, if possible, the microproc- 
essors may be connected with each other without using 
a bus. 

[0250] Data to be managed by the data copyright 
management apparatus of the present invention in- 
cludes, in addition to text data, graphic data, computer 
programs, digital audio data, JPEG-based still picture 
data, and MPEG-based moving picture. 
[0251] The above-mentioned multiprocessor configu- 
ration of the data copyright management apparatus 80 
of embodiment 2 and the data copyright management 
apparatus 85 of embodiment 3 is implemented by con- 
necting the apparatus to the system bus 22 of the mi- 
croprocessor 21 in the user terminal 20 via a PCI bus 
or a SCSI bus. In such multiprocessor configuration, the 
MPU 21 of the user terminal 20 must also control the 
overall system. For relatively slow and small data such 
as text data and graphic data, data copyright manage- 
ment with encryption and re-encryption can be per- 
formed by the multiprocessor configuration using the 
MPU 21 and CPU 1 6, for JPEG-still-picture-based mov- 
ing picture data and MPEG1 or MPEG2-based moving 
picture data, however, data copyright management by 
such configuration is considerably difficult to perform 
because the data is fast and large. 
[0252] To deal with this problem, a multiprocessor 
system is configured by connection a first data copyright 
management apparatus 80 and a second data copyright 
management apparatus 90 to a PCI bus 81 in embodi- 
ment 4 shown in Figure 11 . 

[0253] The configuration of the second data copyright 
management apparatus 90 is the same as that of the 
first data copyright management apparatus 80, that is, 
the apparatus comprises a CPU 91 , a local bus 94 for 
the CPU 91, and ROM 92. RAM 93. and EEPROM 95 
connected to the local bus 94. 
[0254] In this embodiment, the first data copyright 
management apparatus B0 decrypts encrypted data 
and the second data copyright management apparatus 
90 re-encrypts decrypted data. 
[0255] Fixed information, such as software for utilizing 
databases and user data, are stored in the ROM 18 of 
the first data copyright management apparatus 80 de- 
crypting encrypted data. A first crypt-key and data cop- 
yright management system program supplied by a key 
control center or copyright management center are 
stored in the RAM 19. 

[0256] Similarly, fixed information, such as software 
for utilizing databases and user data, are stored in the 
ROM 92 of the second data copyright management ap- 



paratus 90 re-encrypting decrypted data, and a second 
crypt-key and data copyright management system pro- 
gram supplied by a key control center or copyright man- 
agement center are stored in the RAM 93. 
[0257] In this multiprocessor configuration, SCSI or 
SCI may be used, and. if possible, the microprocessors 
may be connected with each other without using a bus. 
[0258] In the prior application shown in Figure 2 and 
in embodiment 1 of the present invention described with 
reference to Figure 3, the communications device 
(COMM) 23 to which encrypted data is supplied and the 
CD-ROM drive (CDRD) 24 are connected to the system 
bus of the user terminal 20. In order to decrypt encrypted 
data, therefore, the encrypted data must be transmitted 
by way of the system bus of the user terminal 20 and 
the local bus of the data copyright management appa- 
ratus, and consequently, the processing speed can be 
slowed. This is true for a configuration in which those 
attached devices are connected to a PCI bus or SCSI 
bus. 

[0259] In embodiment 5 shown in Figure 12, a com- 
munications device 23 to which encrypted data is sup- 
plied and a CD-ROM drive 24 are connected to a local 
bus 1 7 of a data copyright management apparatus 97 
for decryption, in order to prevent processing speed 
from being slowed. 

[0260] The data copyright management apparatus 97 
of embodiment 5 shown in Figure 1 2 is a data copyright 
management apparatus for decryption and its configu- 
ration is essentially the same as that of the data copy- 
right management apparatus 30 of embodiment 1 
shown in Figure 3, that is, the computer system has a 
CPU 16, a local bus 17 for CPU 16, and ROM 18, RAM 
19 and EEPROM 31 connected to the local bus 17, and 
a communication device COMM 23 and a CD-ROM 
drive CDRD 24 are connected to the local bus 17. 
[0261] Fixed information, such as a copyright man- 
agement program, cryptography program based on 
crypt algorithm, and user data, are stored in the ROM 
18. 

[0262] Copyright information is stored in the EEP- 
ROM 31 . If the copyright management program and 
cryptography program are supplied from the external 
such as databases, those programs are stored in the 
EEPROM 31 , rather than in the ROM 1 8. 
[0263] A crypt-key for decryption and a data copyright 
management system program supplied from a key con- 
trol center or copyright management center are stored 
in the RAM 19. 

[0264] Encrypted data supplied from the COMM 23 or 
CDRD 24 is decrypted by the data copyright manage- 
ment apparatus 97 and transferred to a userterminal 95. 
[0265] While the above-mentioned data copyright 
management apparatus 80 and 90 of embodiment 4 are 
described as being configured separately, these appa- 
ratus, of course, can be configured as a unit. 
[0266] Figure 13 shows a data copyright manage- 
ment apparatus of embodiment 6 which is extended 
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from the data copyright management apparatus 97 of 
embodiments. 

[0267] In the prior application shown in Figure 2 and 
the embodiment 1 described with reference to Figure 3, 
the storage medium, such as HDD 26, for storing re- 5 
encrypted data are connected to the system bus 22 of 
the userterminal 20. In order to store re-encrypted data, 
therefore, the encrypted data must be transmitted by 
way of the system bus 22 of the user terminal 20 and 
the local bus 1 7 of the data copyright management unit 
15 or data copyright management unit 30, and conse- 
quently, processing speed can be slowed. This is true 
for a configuration in which those attached devices are 
connected to a PCI bus or SCSI bus. 
[0268] In the data copyright management apparatus 
1 00 of the embodiment 6 shown in Figure 1 3 , in addition 
to the communications device COMM 23 and the 
CD-ROM drive CDRD 24 connected to the local bus 1 7 
in the data copyright management apparatus 97 for de- 
cryption in the embodiment 5 shown in Figure 12, stor- 
age devices such as HDD 26 for storing re-encrypted 
data are connected to the local bus 94 of the data cop- 
yright management apparatus 101 for re-encryption. 
[0269] The configuration of the data copyright man- 
agement apparatus 101 for re-encryption in embodi- 
ment 6 is essentially the same as that of the data cop- 
yright management unit 30 shown in Figure 3, that is. 
the computer system has a CPU 91 . a local bus 94 for 
the CPU 91, and ROM 92. RAM 93 and EEPROM 95 
connected to the local bus 94. and HDD 26 is connected 
to the local bus 94. 

[0270] Fixed information, such as a copyright man- 
agement program, cryptography program based on 
crypt algorithm, and user data, are stored in the ROM 
92. 

[0271] Copyright information is stored in the EEP- 
ROM 95. If the copyright management program and 
cryptography program are supplied from the external 
such as databases, those programs are stored in the 
EEPROM 95 rather than the ROM 92. 
[0272] A crypt-key for re-encryption and a data copy- 
right management system program supplied from a key 
control center or copyright management center are 
stored in the RAM 93. 

[0273] Data re-encrypted by the copyright manage- 
ment apparatus 101 for re-encryption is stored in HDD 
26. 

[0274] While the above-mentioned data copyright 
management apparatus 100 and 101 of embodiment 6 
are described as being configured separately, these ap- 
paratus, of course, can be configured as a unit. 
[0275] Digital data includes, in addition to text data, 
graphic data, computer programs, digital sound data, 
JPEG-based still picture data, and MPEG-based mov- 
ing picture data. 

[0276] A typical user terminal which utilizes copyright- 
ed data is computer apparatus such as personal com- 
puters. Other apparatus which utilize such data are re- 



ceivers such as television sets, set-top boxes used with 
those receivers, digital recording apparatus such as vid- 
eo tape recorders, digital video disk recorders, and dig- 
ital audio tapes (DAT) which store digital data, and per- 
sonal digital assistants (PDA). 
[0277] The data copyright management apparatus 
shown in Figure 2 which is configured as an expansion 
board, IC card, or PC card and described in the prior 
patent application No. 237673/1 994 or the data copy- 
right management apparatus shown in Figure 6 may be 
used by attaching it to a user terminal which is a com- 
puter, receiver, set-top box, digital recording medium, or 
PDA. However, it is desirable that a data copyright man- 
agement apparatus is factory-installed in the user ter- 
minal in order to eliminate labor and failure during the 
attachment of the apparatus. 

[0278] To accomplish this, in each embodiment of the 
present invention, a data copyright management appa- 
ratus is implemented in the form of a monolithic IC, hy- 
brid IC, or built-in subboard and is incorporated in a user 
terminal such as computer apparatus such as personal 
computers, receivers such as television sets, set-top 
boxes used with those receivers, digital recording me- 
dium such as digital video tape recorders, digital video 
disk recorders, and digital audio tape (DAT) which store 
digital signals, or personal digital assistants (PDA). 
[0279] Further, the apparatus for managing data cop- 
yright described above can be applied not only to the 
data utilization but also to the handling of the digital cash 
and video conference systems. 
[0280] The digital cash system which has been pro- 
posed so far is based on a secret-key cryptosystem . The 
encrypted digital cash data is transferred from a bank 
account or a cash service of a credit company, and is 
stored in the IC card so that a terminal device for input/ 
output is used to make a payment. The digital cash sys- 
tem which uses this IC card as an electronic cash-box 
can be used at any place such as shops or the like as 
long as the input/ output terminal is installed. However, 
the system cannot be used at places such as homes or 
the like where no input/output terminal is installed. 
[0281 ] Since the digital cash is an encrypted data, any 
device can be used as the electronic cash-box which 
stores digital cash data, in addition to the IC card, as 
long as the device can store encrypted data and transmit 
the data to the party to which the payment is made. As 
a terminal which can be specifically used as the elec- 
tronic cash-box, there are personal computers, intelli- 
gent television sets, portable telephone sets such as 
personal information terminal, personal handyphone 
system (PHS), intelligent telephone sets, and PC cards 
or the like which has an input/ output function. 
[0282] Trades in which such terminals are used as an 
electronic cash-box for a digital cash can be actualized 
by replacing in the constitution of the data copyright 
management system, the database with a customer's 
bank, a first user terminal with a customer, the second 
userterminal with a retailer, the copyright control center 
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with a retailer's bank and a third user terminal with a 
wholesaler or a maker. 

[0283] An example of the trading system will be ex- 
plained in which the digital cash is transferred via a com- 
munication network by using Figure 14. 
[0284] The example uses the constitution of the data 
copyright management system shown in Figure 1. In 
Figure 14, reference numeral 111 represents a custom- 
er 112 a bank of the customer 111, 113 a retail shop, 
114 a bank of the retail shop 113, 115 a maker, 116 a 
bank of the maker 115,2a communication network such 
as a public line provided by a communication enterprise 
or CATV line provided by a cable television enterprise. 
Customer 111 , the customer's bank 112, the retail shop 
1 1 3, the retail shop's bank 1 1 4, the maker 1 1 5, the mak- 
er's bank 1 1 6 can be mutually connected with the com- 
munication network 2. In this system, the customer 111 
can use a credit company offering cashing service other 
than banks and he can also Interpose appropriate 
number of wholesalers between the retail shop and the 
maker. 

[0285] In addition, 1 1 7 and 1 1 8 are either IC cards or 
PC cards in which digital cash data is stored. The cards 
are used when the communication network is not used. 
[0286] Incidentally, in Figure 14, what is represented 
by a broken line is a path of encrypted digital cash data, 
what is represented by the solid line is a path of requests 
from the customer, the retail shop or the maker, and 
what is represented by a one-dot chain line is a path of 
the secret-key from each bank. 
[0287] In this example, first secret- key prepared by 
the customer's bank 112, the second secret-key gener- 
ated by the customer the third secret-key generated by 
the retail shop, and the fourth secret-key prepared by 
the maker are used as crypt keys. 
[0288] Further, while the customer's bank 112, the re- 
tail shop's bank 114, and the maker's bank 11 6 are ex- 
plained as separate entities, these can be considered 
as a financial system as a whole. 
[0289] Digital cash management program P for en- 
crypting and decrypting the digital cash data is prelimi- 
narily distributed to the customer 111 and is stored in 
the user terminal. Further, it is possible to transfer the 
digital cash management program P together with data 
every time trade with the bank is executed. Further, it is 
desirable to install the common digital cash manage- 
ment program P in all banks. 

[0290] The customer 111 uses the user terminal to 
designate the amount of money via the communication 
network 2 to request drawing out from the account of 
the customer's bank 112 to the bank. At this time, the 
terminal presents customer information Ic of the cus- 
tomer 111. 

[0291] The customer's bank 112 which receives the 
customer's request of drawing out from the account se- 
lects or generates the first secret-key Ks1 so that the 
digital cash data MO of the amount is encrypted by the 
first secret-key Ks1 : 



Cm0ks1=E(Ks1, MO) 

and the encrypted digital cash data CmOksl and the first 
5 secret-key Ks1 for a decrypting key are transferred to 
the customer 111 , and the customer information Ic and 
the first secret-key Ks1 are stored. 
[0292] In this case, the first secret-key Ks1 can be se- 
lected from what is preliminarily prepared by the cus- 
10 tamer's bank 112, and also may be generated by pres- 
entation of the customer information Ic at the time of 
drawing by the customer using the digital cash manage- 
ment program P on the basis of the customer informa- 
tion Ic: 

15 

Ks1=P(lc). 

[0293] Through this means; the first secret-key Ks1 
20 can be private for the customer 1 1 1 . At the same time, 
it is not necessary to transfer the first secret-key Ks1 to 
the customer 111 so that the safety of the system can 
be heightened. 

[0294] Further, the first secret-key Ks1 can be gener- 
25 ated on the basis of the bank information lbs of the cus- 
tomer's bank 1 1 2 or on the basis of the bank information 
lbs and the date of key generation. 
[0295] The customer 111 to which the encrypted dig- 
ital cash data CmOksl and the first secret-key Ks1 are 
30 transferred generates second secret-key Ks2 according 
to any one or both of the customer information Ic and 
the first secret-key Ks1 using the digital cash manage- 
ment program P, for example: 

35 

Ks2=P(lc) 

and the generated second secret-key Ks2 is stored in 
the user terminal. 
40 [0296] Further, the customer 111 uses the first secret- 
key Ks1 to decrypt the encrypted digital cash data 
CmOksl with the digital cash management program P: 

45 M0=D(Ks1, CmOksl) 

and the content is confirmed. When the decrypted digital 
cash data MO whose content is confirmed is stored in 
the user terminal as a cash-box, it is encrypted by the 
so generated second secret-key Ks2 using the digital cash 
management program P: 

CmOKs2=E(Ks2, MO). 

55 

[0297] The first secret-key Ks1 is disused at this time. 
[0298] The customer 1 1 1 who wishes to buy an article 
from the retail shop 113 decrypts the encrypted digital 
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cash data Cm0ks2 which is stored in the user terminal 
as a cash-box by the digital cash management program 
P using the second secret-key Ks2: 

M0=D(Ks2 t Cm0ks2) 

and the digital cash data M1 which corresponds to the 
necessary amount of money is encrypted by the second 
secret-key ks2 using the digital cash management pro- 
gram P: 

Cm1ks2=E(Ks2, M1) 

and then, the payment is made by transmitting the en- 
crypted digital cash data Cm1ks2 to the user terminal 
as a cash-box of retail shop 113 via the communication 
network 2. 

[0299] At this time, the customer information Ic is also 
transmitted to the user terminal of the retail shop 113. 
[0300] Further, the residual amount digital cash data 
M2 is encrypted by the second secret-key Ks2 using the 
digital cash management program P: 

Cm2ks2=E(Ks2 ) M2) 

and stored in the user terminal of the customer 111 . 
[0301] The retail shop 1 1 3 to which the encrypted dig- 
ital cash data Cm1 ks2 and the customer information Ic 
are transferred stores the transferred encrypted digital 
cash data Cm1ks2 and customer information Ic in the 
user terminal, and presents the customer information Ic 
to the retail shop's bank 1 1 4 via the communication net- 
work 2 for confirming the content to request the trans- 
mission of the second secret-key Ks2 for decription. 
[0302] The retail shop's bank 1 14 which is requested 
by the retail shop 113 to transmit the second secret-key 
Ks2 transmits the request of the transmission of the sec- 
ond secret-key Ks2 and the customer information Ic to 
the customer's bank 112. 

[0303] The customer's bank 112 which is requested 
to transmit the second secret-key Ks2 from the retail 
shop's bank 114 generates the second secret-key Ks2 
according to the customer information Ic by the digital 
cash management program P in the case where the sec- 
ond secret- key Ks2 is based only on the customer infor- 
mation Ic, or generates the second secret-key Ks2 ac- 
cording to the customer information Ic and the first se- 
cret-key Ks1 by the digital cash management program 
P in the case where the second secret- key Ks2 is based 
on the customer information Ic and the first secret-key 
Ks1 , and transmits the generated second secret-key 
Ks2 to the retail shop's bank 114. 
[0304] The retail shop's bank 114 to which the second 
secret-key Ks2 is transmitted from the customer's bank 
112 transmits the second secret-key Ks2 to the retail 



shop 113 via the communication network 2. 
[0305] The retail shop 1 1 3 to which the second secret- 
key Ks2 is transferred decrypts the encrypted digital 
cash data Cm1 ks2 by the second secret- key Ks2 using 
the digital cash management program P: 

M1=D(Ks2, Cm1ks2) 

and after confirming the amount of money, forwards the 
article to the customer 111 . 

[0306] Incidentally, in this case, the retail shop 111 
can directly requests the transfer of the second secret- 
key Ks2 to the customer's bank 112 instead of the retail 
shop's bank 114. 

[0307] In case where the digital cash received by the 
retail shop 113 is deposited in the account of the retail 
shop's bank 114, the customer information Ic is trans- 
ferred to the retail shop's bank 1 1 4 together with the en- 
crypted digital cash data Cm1ks2 via the communica- 
tion network 2. 

[0308] The retail shop's bank 114 to which the en- 
crypted digital cash data Cm1 ks2 and the customer in- 
formation Ic are transferred requests the transfer of the 
second secret-key Ks2 to the customer's bank 112 by 
transmitting the customer information Ic. 
[0309] The customer's bank 112, which is requested 
to transfer the second secret-key Ks2 from the retail 
shop's bank 114, generates the second secret-key Ks2 
according to the customer's information Ic by the digital 
cash management program P when the second secret- 
key Ks2 is only based on the customer's information Ic, 
or generates the second secret-key Ks2 according to 
the customer's information Ic and the first secret-key 
Ks1 by the digital cash management program P when 
the second secret-key Ks2 is based on the customer's 
information Ic and the first sec ret- key Ks1 , then the gen- 
erated second secret-key Ks2 is transferred to the retail 
shop's bank 114. 

[031 0] The retail shop's bank 1 1 4, to which the second 
secret-key Ks2 is transferred from the customer's bank 
112, decrypts the encrypted digital cash data Cm1ks2 
by the second secret-key Ks2 using the digital cash 
management program P: 

M1=D(Ks2,Cm1ks2) 

and the decrypted digital cash data M1 is deposited in 
the bank account of the retail shop's bank 114. 
[0311] In the general trade system, the retail shop 113 
stocks products from the maker 11 5 or from the whole- 
saler which intervenes between the retail shop 113 and 
the maker 115. Then the retail shop 113 sells the prod- 
ucts to the customer 111 . Consequently, a trading form 
is present between the customer 1 1 1 and the retail shop 
113 just as between the retail shop 113 and the maker 
115. 
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[0312] The handling of the digital cash between the 
retail shop 1 1 3 and the maker 1 1 5 is not basically differ- 
ent from the handling of the digital cash which is carried 
out between the customer 111 and the retail shop 113. 
Therefore, the explanation there will be omitted for the 5 
sake of clarity. 

[0313] In this digital cash system, the digital cash is 
handled through banks. As information such as the 
processed amount of the digital cash, date, and the se- 
cret-key demanding party information with respect to the 
handling of the digital cash is stored in the customer's 
bank, the residual amount of digital cash and usage his- 
tory can be grasped. 

[0314] Even in the case where the userterminal which 
is an electronic cash-box storing the digital cash data 
cannot be used owing to the loss or the breakage, it is 
possible to reissue the digital cash on the basis of the 
residual amount, and usage history kept in the custom- 
er's bank. 

[0315] It is desirable to add a digital signature to the 
digital cash data for heighten the safety of the digital 
cash. 

[0316] In this example, digital cash is added by the 
customer's information which may be accompanied by 
digital signature. Therefore, the digital cash in the ex- 
ample can also have a function of settlement system for 
checques drawn by customers. 
[0317] Also this system can be applicable to various 
systems in the international trading such as payment 
settlement of import/export by a negotiation by a draft 
using a letter of credit and a bill of lading which have 
been executed by documents. 
[0318] In the video conference system, a television 
picture has been added to the conventional voice tele- 
phone set. Recently the video conference system is ad- 
vanced in which a computer system is incorporated in 
the video conference system so that the quality of the 
voice and the picture are improved, and data can be 
handled at the same time as well as the voice and the 
picture. 

[0319] Under these circumstances, security against 
the violation of the user's privacy and the data leakage 
due to eavesdropping by persons other than the partic- 
ipants of the conference are protected by the cryptosys- 
tem using a secret-key. 

[0320] However, since the conference content ob- 
tained by the participants themselves are decrypted, in 
the case where participants themselves store the con- 
tent of the conference and sometimes edit the content, 
and further, use for secondary usage such as distribu- 
tion to the persons other than the participants of the con- 
ference, the privacy of other participants of the video 
conference and data security remains unprotected. 
[0321] In particular, the compression technology of 
the transmission data is advanced while the volume of 
the data storage medium is advanced with the result that 
the possibility is getting more and more realistic that all 
the content of the video conference is copied to the data 



storage medium or is transmitted via a network, 
[0322] In view of the circumstances, the example is 
intended, when video conference participants perform 
secondary use, to secure the privacy of other partici- 
pants and data security by using the aforementioned 
constitution of the data copyright management system. 
[0323] This video conference data management sys- 
tem can be actualized, for example, by replacing the da- 
tabase in the data copyright management system con- 
stitution shown in Figure 1 with a participant of the video 
conference, the first user terminal with another partici- 
pant of the video conference, and the second user ter- 
minal with non-participant of the video conference. 
[0324] An example when utilizing will be explained by 
using Figure 15. 

[0325] Referring to Figure 15, reference numeral 121 
represents a participant as a host of the video confer- 
ence, 122 a participant of the video conference as a 
guest, 1 23 a non-participant of the video conference as 
a user, 124 a non-participant of the video conference as 
another user, 2 a communication network such as a pub- 
lic telephone line provided by the communication enter- 
prise and a CA television line provided by the cable tel- 
evision enterprise or the like. The participant 1 21 of the 
video conference is connected to the participant 122 of 
the video conference via the communication network 2. 
Further, the participant 1 22 of the video conference can 
be connected to the non-participant 123 of the video 
conference, and the non-participant 123 of the video 
conference to the non-participant 124 of the video con- 
ference, via the communication network 2. Reference 
numeral 125 and 126 represent a data recording medi- 
um. 

[0326] Referring to Figure 1 5, what is represented by 
the broken line is a path of the encrypted video confer- 
ence content, represented by the solid line is a path re- 
questing the crypt key from the non -participants of the 
video conference 123 and 124 to the participant of the 
television conference 121 , and represented by the one- 
dot chain line is a path of crypt keys from the participant 
of the video conference 1 21 to the participant of the vid- 
eo conference 1 22 and the non-participants of the video 
conference 123 and 124. 

[0327] In this example, a video conference data man- 
agement system is described here only the protection 
for data security and privacy in case of the video con- 
ference participant 1 21 to simplify the explanation, how- 
ever, it is of course, possible to protect for data security 
and privacy of the video conference participant 122. 
[0328] A video conference data management pro- 
gram P for encryption/decryption of the video confer- 
ence data of the participant 121 including audio and pic- 
ture is previously distributed to the video conference 
participant 122 and the video conference non-partici- 
pants 123 and 124, and is stored in each terminal. This 
video conference data management program P may be 
transferred whenever a crypt- key is transferred. 
[0329] In this example, further, a first secret-key pre- 
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pared by the video conference participant 1 21 , a second 
secret-key prepared by the video conference participant 
t22, a third secret-key prepared by the video conference 
non-participant 123 and subsequent secret-keys pre- 
pared similarly are used as a crypt key. 
[0330] The video conference participant 121 and the 
video conference participant 1 22 perform the video con- 
ference by transmitting audio, picture and data (referred 
to as video conference data on the whole) each other, 
using each terminal via communication network 2. Be- 
fore the video conference, the video conference partic- 
ipant 121 generates or selects the first secret-key Ks1 
to transfer to the video conference participant 1 22 prior 
to the start of the video conference. 
[0331] The video conference participant 122 receiv- 
ing the first secret-key Ks1 generates the second secret- 
key Ks2 by the first secret-key Ks1 using the video con- 
ference data management program P: 

Ks2=P(Ks1). 

[0332] The generated second secret- key Ks2 is 
stored in the terminal. 

[0333] The video conference participant 1 21 encrypts 
the video conference data MO with the first secret-key 
Ks1 , in the video conference through the communica- 
tion network 2: 

Cm0ks1=E(Ks1,M0) 

and transfers the encrypted video conference data 
CmOksl to the video conference participant 122. 
[0334] The video conference participant 1 22 who re- 
ceives the video conference data CmOksl encrypted by 
the first secret-key Ks1 decrypts the video conference 
data CmOksl by the first secret-key Ks1 : 

M0=D(ks1, CmOksl) 

and uses decrypted video conference data MO. 
[0335] Further, the second secret-key Ks2 is generat- 
ed based on the first secret-key Ks1 with the video con- 
ference data management program P: 

Ks2=P(Ks1). 

[0336] In the case where the decrypted video confer- 
ence data MO is stored in the terminal of the participant 
122 of the video conference, copied to the data record 
medium 1 25, or transferred to the non-participant of the 
video conference via the communication network 2, the 
data M is encrypted by the second secret-key Ks2 using 
the video conference data management program P: 



Cmks2=E(Ks2, M). 

[0337] The encrypted data Cmks2 is copied to the 
5 record medium 1 25 or supplied to the non-participant of 
the video conference via the communication network 2, 
together with the video conference data name or the vid- 
eo conference data number. 

[0338] The non-participant of the video conference 
w 1 23 who obtains the encrypted data CmKs2 requests to 
the participant 121 for the secondary use of the video 
conference data M from the terminal by specifying the 
name or number of the video conference data. 
[0339] The participant 121 of the video conference 
who receives the request for the second use of the data 
M finds out the first secret-key Ks1 according to the 
name or the number of the video conference data name 
or number to generate the second secret-key Ks2 based 
on the first secret- key Ks1 : 

20 

Ks2=P(Ks1) 

and supplies the generated second secret-key Ks2 to 
25 the non-participant of the video conference 123. 

[0340] The non-participant of video conference 123 
who receives the second secret-key Ks2 decrypts the 
encrypted data Cmks2 by the second secret-key Ks2 by 
using the television conference data management pro- 
30 gram P: 

M=D(Ks2, Cmks2) 

35 and then, uses decrypted video conference data M. 
[0341] In the case where the video conference data 
M is stored in the terminal of the non-participant of the 
video conference 1 23, copied to the record medium 1 26, 
or transmitted to the non-participant of the video confer- 
ee ence 124, the video conference data M is encrypted by 
the second secret-key Ks2 using the video conference 
data management program P: 

45 Cmks2=E(Ks2, M). 

[0342] Incidentally, the third secret-key Ks3 may be 
generated on the basis of the second secret-key Ks2 
with the video conference data management program P: 

50 

Ks3=P(Ks2). 

and the data M can be encrypted with the video confer- 
ss ence data management program P by this generated 
third secret-key Ks3: 
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Cmks3=E(Ks3, M). 



Claims 

1 . A data copyright management apparatus compris- 
ing: 

a user terminal (20, 95, 105) having a second 
microprocessor (21, 46) 
a first microprocessor (1 6) 
a first local bus (17) connected to said first mi- 
croprocessor (16) 

a read-only semiconductor memory (18) and a 
read/write memory (1 9) connected to said local 
bus (17); 

wherein one of the second microprocessor (21 , 46) 
and the first microprocessor (1 6) performs decryp- 
tion of encrypted digital data and the other concur- 
rently performs re-encryption of the decrypted dig- 
ital data. 

2. A data copyright management apparatus compris- 
ing 

a first microprocessor (16) and a second micro- 
processor (91); 

a first local bus (17) connected to said first mi- 
croprocessor (16); 

a first read-only semiconductor memory (18) 
and first read/write memory (19) connected to 
said first local bus (17); and, 

a second local bus (94) connected to said sec- 
ond microprocessor (91) 

a second read-only semiconductor memory 
(92) and a second read/write memory (93) con- 
nected to said second local bus (94); 

wherein, said first microprocessor (1 6) decrypts en- 
crypted digital data, and concurrently said second 
microprocessor (91) re-encrypts the decrypted dig- 
ital data. 

3. A data copyright management apparatus according 
to claim 1 , characterised by 

the read-only semiconductor memory (18) storing a 

data copyright management system program, crypt 

algorithm and user information, 

the read/write memory (1 9) having a first public-key, 

a first private-key, a second public-key and a first 

crypt-key, transmitted during operation; 

an electrically erasable programmable memory (31 ) 



storing a second private-key, a permit-key, a second 
secret- key and copyright information, 
and said first local bus (17) being connected with 
said electrically erasable programmable memory 
5 (31). 

4. A data copyright management apparatus according 
to claim 3, characterised by 

the electrically erasable programmable memory 
10 (31 ) storing a copyright management program, and 
said first local bus (1 7) being connectable to a sys- 
tem bus (22) of said user terminal. 

5. A data copyright management apparatus according 
15 to claim 3, characterised by 

the read-only semiconductor memory (18), the 
electrically erasable programmable memory (31) 
and the read/write memory (19) being connectable 
to a system bus (22) of said user terminal, and 
20 the read-only semiconductor memory (1 8) storing a 
copyright management program. 

6. The data copyright management apparatus accord- 
ing to claim 1 , 2, 3, 4 and 5, wherein the re-encrypt- 

25 ed digital data is stored, copied or transferred. 

7. The data copyright management apparatus accord- 
ing to claim 6, wherein the decrypted digital data is 
further displayed or edited. 

30 

8. The data copyright management apparatus accord- 
ing one of the claims 1 to 7 which is configured in 
the form of an IC. 

35 9. The data copyright management apparatus accord- 
ing to one of the claims 1 to 7, which is configured 
in the form of an IC card. 

10. The data copyright management apparatus accord 
40 jng to one of the claims 1 to 7, which is configured 

in the form of a PC card. 

1 1 . The data copyright management apparatus accord- 
ing to one of the claims 1 to 7, which is configured 

45 in the form of an insertion board. 



PatentansprUche 

50 1. Datenurheberrechts-Verwaltungsvomchtung, wel- 
che aufweist: 

Ein Benutzerendgerat (20, 95, 105) mit einem 
zweiten Mikroprozessor (21 , 46), 

55 

einen ersten Mikroprozessor (16), 

einen ersten lokalen Bus (17), der mit dem er- 
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sten Mikroprozessor (16) verbunden ist; 

einen Halbleiter-Festwertspeicher (18) und ei- 
nen Lese/Schreib-Speicher (19), die mit dem 
lokalen Bus (17) verbunden sind; s 

wobei einer von dem zweiten Mikroprozessor (21, 
46) und dem ersten Mikroprozessor (16) eine Ent- 
schlusselung von verschlusselten digitalen Daten 
durchfuhrt und der andere gleichzeitig eine Wider- 10 
verschlusselung der entschlusselten digitalen Da- 
ten durchfuhrt. 

Datenurheberrechts-Verwaltungsvorrichtung, wel- 
che aufweist, 15 
einen ersten Mikroprozessor (16) und einen zwei- 
ten Prozessor (91); 

einen ersten lokaten Bus (17), der mit dem ersten 
Mikroprozessor (16) verbunden ist; 
einen ersten Halbleiter-Festwertspeicher (18) und 20 
einen ersten Lese/Schreib-Speicher (19). die mit 
dem ersten lokalen Bus (17) verbunden sind; und 
einen zweiten lokalen Bus (94), der mit dem zweiten 
Mikroprozessor (91) verbunden ist; 
einen zweiten Halbleiter-Festwertspeicher (92) und 25 
einen zweiten Lese/Schreib-Speicher (93), die mit 
dem zweiten lokalen Bus (94) verbunden sind; 
bei der der erste Mikroprozessor (1 6) verschlussel- 
te digitale Daten entschlusselt und gleichzeitig der 
zweite Mikroprozessor (91) die entschlusselten di- 30 
gitalen Daten wieder verschlusselt. 

Datenurheberrechts-Verwaltungsvorrichtung nach 
Anspruch 1 , dadurch gekennzeichnet, dass 
der Halbleiter-Festwertspeicher (18) ein Datenur- 3S 
heberrechts-Verwaltungssystemprogramm, einen 
Verschlusselungsalgorithmus und Benutzerinfor- 
mationen speichert, 

der Lese/Schreib-Speicher (1 9) einen ersten offent- 
lichen Schlussel, einen ersten privaten Schlussel, *o 
einen zweiten offentlichen Schlussel und einen er- 
sten Verschlusselungsschlussel hat, die wahrend 
der Operation ubertragen wurden; ein elektrisch 
I oschba re rprogrammierbarer Speicher (31) vorge- 
sehen ist, der einen zweiten privaten Schlussel, ei- 45 
nen Erlaubnisschlussel, einen zweiten Geheim- 
schlussel und Umeberrechts information en spei- 
chert, 

und der erste lokale Bus (1 7) mit dem elektrisch 
loschbaren programmierbaren Speicher (31) ver- so 
bunden ist. 

Datenurheberrechts-Verwaltungsvorrichtung nach 
Anspruch 3, dadurch gekennzeichnet, dass 
der elektrisch loschbare programmierbare Spei- 55 
cher (31) ein Urheberrechtsverwaltungsprogramm 
speichert und der erste lokale Bus (17) mit einem 
Systembus (22) des Benutzerendgerats verbindbar 



ist. 

5. Datenurtieberrechts-Verwaltungsvorrichtung nach 
Anspruch 3, dadurch gekennzeichnet, dass 
der Halbleiter-Festwertspeicher (18), der elektrisch 
loschbare programmierbare Speicher (31 ) und der 
Lese/Schreib-Speicher (19) mit einem Systembus 
(22) des Benutzerendgerats verbindbar sind, und 
der Halbleiter-Festwertspeicher (18) ein Urheber- 
rechtsverwaltungsprogramm speichert. 

6. Daten urheberrechts-Verwaltungsvorrichtung nach 
Anspruch 1, 2, 3, 4 und 5, bei der die wiederver- 
schlusselten digitalen Daten gespeichert, kopiert 
oder ubertragen werden. 

7. Daten urheberrechts-Verwaltungsvorrichtung nach 
Anspruch 6, bei der die entschlusselten digitalen 
Daten weiterhin angezeigt Oder aufbereitet werden. 

8. Datenurhebeirechts-Verwaltungsvorrichtung nach 
einem der Anspruch e 1-7, welche in der Form einer 
IC (integrierte Schaltung) konfiguriert ist. 

9. Datenurheberrechts-Verwaltungsvorrichtung nach 
einem der Anspruche 1-7, welche in der Form einer 
IC-Karte konfiguriert ist. 

10. Datenurheberrechts-Verwaltungsvorrichtung nach 
einem der Anspruche 1-7, welche in der Form einer 
PC-Karte konfiguriert ist. 

11. Datenurheberrechts-Verwaitungsvorrichtung nach 
einem der Anspruche 1-7, welche in der Form einer 
Einsteckkarte konfiguriert ist. 



Revendications 

1. Appareil de gestion de donnees de copyright 
comprenant : 

un terminal utilisateur (20, 95, 105) possedant 
un deuxieme microprocesseur (21 , 46) 
un premier microprocesseur (1 6) 
un premier bus local (17) relie audit premier mi- 
croprocesseur (16) 

une memoire morte & semi-conducteurs (1 8) et 
une memoire vive (19) reliees audit bus local 
(17); 

dans lequel Tun parmi le deuxieme micropro- 
cesseur (21 , 46) et le premier microprocesseur (16) 
effectue un decryptage de donnees numeriques en- 
cryptees et I'autre effectue simultanement un re-en- 
cryptage des donnees numeriques decryptees. 

2. Appareil de gestion de donnees de copyright com- 
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prenant 

un premier microprocesseur (16) et un 
deuxifcme microprocesseur (91) ; 

un premier bus local (17) reli§ audit premier 
microprocesseur (16) ; 

une premiere memoire morte a semi-conduc- 
teurs (1 8) et une premi&re memoire vive (1 9) relives 
audit premier bus local (1 7) ; et 

un deuxieme bus local (94) relte audit deuxie- 
me microprocesseur (91) 

une deuxieme memoire morte k semi-con- 
ducteurs (92) et une deuxieme m§moire vive (93) 
reliees audit deuxieme bus local (94) ; 

dans lequel (edit premier microprocesseur 
(1 6) decrypte des donnees numeriques encryptees, 
et ledit deuxieme microprocesseur (91 ) re-encrypte 
simultanement les donnees numeriques decryp- 
tees. 

3. Appareil de gestion de donnees de copyright selon 
la revendication 1 , caracterise par 

la memoire morte a semi -con ducteurs (18) 
stockant un programme de systeme de gestion de 
donn6es de copyright, un algorithme de cryptage et 
des informations utilisateur, 

la mSmoire vive (1 9) poss6dant une premiere 
cl6 publique, une premiere cl£ privee, une deuxie- 
me cle publique et une premiere cle de cryptage, 
transmises pendant une operation ; 

une memoire programmable effacable electri- 
quement (31) stockant une deuxieme cl6 privee, 
une cl6 d'autorisation, une deuxieme cle secrete et 
des informations de copyright, 

et ledit premier bus local (17) §tant reli6 k la- 
dite m6moire programmable effacable electrique- 
ment (31). 

4. Appareil de gestion de donnees de copyright selon 
la revendication 3, caracterise par 

la memoire programmable effacable electri- 
quement (31) stockant un programme de gestion 
de copyright, et ledit premier bus local (1 7) pouvant 
etre relie a un bus systeme (22) dudit terminal utili- 
sateur. 

5. Appareil de gestion de donnees de copyright selon 
la revendication 3, caracterise par 

la memoire morte a semi-conducteurs (18), la 
memoire programmable effagable 6lectriquement 
(31) et la memoire vive (19) pouvant etre relives a 
un bus systeme (22) dudit terminal utilisateur, et 

la memoire morte a semi-conducteurs (18) 
stockant un programme de gestion de copyright. 

6. Appareil de gestion de donn6es de copyright selon 
la revendication 1 , 2, 3, 4 et 5, dans lequel les don- 
nees numeriques encryptees sont stockees, co- 
pi ees ou transferees. 



7. Appareil de gestion de donnees de copyright selon 
la revendication 6, dans lequel les donnees nume- 
riques decryptees sont en outre affichees ou 6di- 
t£es. 

5 

8. Appareil de gestion de donnees de copyright selon 
les revendications 1 a 7, qui est configure sous la 
forme d'un circuit int£gre. 

10 g. Appareil de gestion de donn§es de copyright selon 
Tune des revendications 1 a 7, qui est configure 
sous ta forme d'une carte de circuit integre. 

10. Appareil de gestion de donnees de copyright selon 
15 rune des revendications 1 a 7, qui est configure 

sous la forme d'une carte PC. 

1 1 . Appareil de gestion de donn6es de copyright selon 
I'une des revendications 1 k 7, qui est configure 

20 sous la forme d'une carte d'insertion. 
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